Data of 4.5m Passengers Was Stolen in SITA Cyberattack
10 Years of Air India’s Passenger Data Got Stolen in the Cyberattack.
SITA became the victim of a cyberattack that led to a “data security incident” involving passenger data that was stored on SITA Passenger Service System Inc. servers located in Atlanta, Georgia in the United States.
SITA is a multinational information technology company specializing in IT and telecommunication services for the air transport industry; it services about 90% of the world’s airline business.
After the attack, SITA issued an official statement confirming it had been the subject of a sophisticated cyberattack, and soon after the statement came out, more airlines confirmed they had been directly affected.
SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines.
After confirmation of the seriousness of the data security incident on February 24, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organizations.
Companies that have independently disclosed the impact of the breach include Singapore Airlines, Air New Zealand, British Airways, American Airlines, Lufthansa, Malaysia Airlines, Finnair, Japan Airlines, United Airlines, SAS, Cathay Pacific, South Korean airline Jeju Air, and TAROM. Air India has now also disclosed that the incident resulted in a massive data breach, with the data of around 4.5 million of its passengers being stolen.
Our data processor (SITA) has ensured that no abnormal activity was observed after securing the compromised servers.
The stolen information includes names, dates of birth, contact and passport information, ticket information, Star Alliance and Air India frequent flyer data, and credit card data, but no frequent flyer passwords or CVV/CVC numbers.
Air India said it understood the severity of the cyberattack only last month. It said that, in trying to handle the situation, it had conducted investigations, secured the compromised servers, engaged external specialists, notified and liaised with credit card issuers, and reset passwords of the Air India FFP program.
It appears that the airline found out about the incident on February 25th (and issued a warning on March 19th), but only learned the identities of affected passengers on March 25th and May 4th, while it was already investigating the breach.
Air India would like to inform its valued customers that its passenger service system provider has informed them about a sophisticated cyber-attack it was subjected to in the last week of February 2021.
While the level and scope of sophistication are being ascertained through forensic analysis and the exercise is ongoing, SITA has confirmed that no unauthorized activity has been detected inside the system’s infrastructure after the incident, it added.
Air India meanwhile is in liaison with various regulatory agencies in India and abroad, and has apprised them about the incident in accordance with its obligations.
It is still not clear who was responsible for the massive breach. More victims are appearing, but no ransomware demand has been made up to this point.