Air India, India's national carrier, has revealed that the personal data of about 4.5 million people were leaked in an alleged cyberattack on the airline's passenger system operator, SITA.
The airline said credit card, passport, booking details and other personal data had been illegally accessed in the "highly sophisticated" attack.
The carrier did not specify how many of its passengers were impacted.
Air India said that credit card CVV numbers — that give increased card security — had not been revealed to the hackers as the information was not held by the data processor. The carrier advised customers to change their account passwords as a precaution.
The airline was apparently notified of the breach in February, but the identity of the hackers was only provided to them by SITA in March and April.
Passengers were only notified of the hack now.
Part of a wider breach
India's flag carrier isn't the only one affected by the cyberattack on SITA.
Several airlines, such as New Zealand Air and Lufthansa, part of the Star Alliance, the world's largest airline alliance, informed passengers of a data breach in March after SITA publicly confirmed a cyberattack on its US passenger service system server.
The Air India breach comes at a time when the government is trying to sell the debt-ridden airline.
am/mm (AP, dpa)