1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Air India admits to data breach

May 23, 2021

The airline said that personal information from credit cards, passports, tickets and frequent flyer clubs were stolen by hackers.

Air India planes on the tarmac at New Delhi airport
India's flag carrier airline was apparently notified of the breach in FebruaryImage: AFP/M. Sharma

Air India, India's national carrier, has revealed that the personal data of about 4.5 million people were leaked in an alleged cyberattack on the airline's passenger system operator, SITA.

The airline said credit card, passport, booking details and other personal data had been illegally accessed in the "highly sophisticated" attack.

The carrier did not specify how many of its passengers were impacted.

Air India said that credit card CVV numbers — that give increased card security — had not been revealed to the hackers as the information was not held by the data processor. The carrier advised customers to change their account passwords as a precaution.

The airline was apparently notified of the breach in February, but the identity of the hackers was only provided to them by SITA in March and April.

Passengers were only notified of the hack now.

Part of a wider breach

India's flag carrier isn't the only one affected by the cyberattack on SITA.

Several airlines, such as New Zealand Air and Lufthansa, part of the Star Alliance, the world's largest airline alliance, informed passengers of a data breach in March after SITA publicly confirmed a cyberattack on its US passenger service system server.

The Air India breach comes at a time when the government is trying to sell the debt-ridden airline.

am/mm (AP, dpa)

Skip next section Explore more
Skip next section DW's Top Story

DW's Top Story

Russian soldiers at a victory day parade in Moscow
Skip next section More stories from DW
Go to homepage