Hack of IT provider exposes data on 4.5 million Air India passengers

Data on 4.5 million Air India passengers was compromised in a hack of a major IT provider to the airline industry, Air India announced last week.

The initial breach of the IT provider, SITA — disclosed in March — affected numerous airlines from Lufthansa to Cathay Pacific, but the investigation has now revealed one of its biggest victims yet in India’s flagship air carrier.

The breach covers nearly a decade of data on Air India passengers, and includes passport, ticket information and credit card information, Air India said in a statement.

Air India said it has secured the hacked servers, notified credit card firms of the breach and reset passwords for frequent flyer accounts. The airline also advised passengers to change their own passwords where applicable.

“[O]ur data processor has ensured that no abnormal activity was observed after securing the compromised servers,” the statement said.

It is still unclear who is behind the hack of SITA, a Switzerland-based IT services firm that airlines around the world use to manage reservations. In March, a SITA spokesperson told CyberScoop the investigation was ongoing, adding: “We do not speculate about potential attackers or motives publicly.”

A SITA spokesperson reiterated that statement on Monday.

The airline industry faces distinct threats from cybercriminals interested in profiting from stolen payment data and state-linked hackers keen on tracking passenger movements. In the former category, prolific scammers who use an attack technique known as Magecart compromised the British Airways website in a 2018 breach affecting hundreds of thousands of passengers.

Meanwhile, hackers linked to multiple countries’ intelligence services have probed the aviation industry for access to high-value targets. One of the more recent examples came in January,  when researchers said a Chinese-linked group had stolen passenger records at unnamed airline carriers.