The Air India customer data breach is in headlines these days. SITA, the data center located in USA reported that the attack took almost three weeks to hack the data of 45 lakh passengers.
SITA’s passenger service system became a victim of a well-planned cyber-attack, and a decade long customers’ data was leaked. This includes the customer names, date of birth, contact information, passport details and other sensitive data like credit card information and the frequent flyer data.
SITA is a Switzerland-based technology company. It specializes in air transport communications and information technology. SITA offers services such as passenger processing, reservation systems etc. When it started it had 11 airlines companies as its members. Now it has over 2500 customers in more than 200 countries. Air India started taking services from SITA from 2017 onwards for up gradation of its IT infrastructure to enable it to join Star Alliance.
This is not a sole incident where data breach has occurred. SITA is one of the world’s leading air transport communications and IT companies. It says that the personal data of various airlines went through a cyber-attack stored on its servers, Air India being one of them.
In a duration of 22 days’ time, the passenger data stored on SITA’s servers located at its center in Atlanta,Gerogia, suffered a highly sophisticated cyber-attack. According to the global head of the SITA PSS Edna Ayme-Yahil, their investigations are going on and immediate actions have been taken to contact the airlines customers and other related organizations.
As the data between August 2011 to February 2021 was breached, the company provided the details of the data that has been compromised very precisely to Air India. The data records within each of the relevant data categories too has been given. She further added that some of the personal data of several airline passengers is also included in the above.
SITA is sharing technical information with airlines regarding the tactics, techniques and procedures and indicators of compromise used by the cyber-attackers. However, further details could not be shared due to security reasons.
The company said in a statement that the pandemic has raised concerns about the security threats. Cyber criminals have become more active and sophisticated. As this was a highly sophisticated attack, SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by it with the support of leading external experts in cyber security.
National career Air India has also confirmed that SITA-their data processor, had recently been subjected to a cyber security attack leading to personal data leak of certain passengers. And that it has affected 45 lakh passengers, identity of the affected data subjects was provided to AI on March 25 and April 5.
Smrutirekha Bhoi