Air India admits to data breach impacting 4.5m customers, sat on the news for five weeks


India’s flag carrier, Air India, has admitted it fell foul of the data breach at aviation information services provider SITA, and that its disclosure comes five weeks after it was notified of the situation.

A new statment from the airline says that personal data describing around 4.5 million of its customers leaked when SITA revealed it had been breached in March 2021.

When it admitted to the breach, SITA revealed the names of airline customers that had already informed customers about the situation. Air India was not on the list SITA provided to The Register for our March 5th story, but the carrier posted its own notice on March 19th that said the airline’s “Passenger Service System provider has informed about a sophisticated cyber-attack it was subjected to in the last week of February 2021”. SITA was not named in that statement.

Read more…