New Delhi:  India’s national airline carrier Air India has following the cyber security attack, which led to personal data leak of certain passengers, initiated certain measures immediately to ensure data safety while categorically stating the “protection of our customers’ personal data is of highest importance to us".


Below are the measures taken by Air India to ensure data safety:



  • Investigating the data security incident

  • Securing the compromised servers

  • Engaging external specialists of data security incidents

  • Notifying and liaising with the credit card issuers

  • Resetting passwords of Air India FFP program


Air India in a release said “our data processor has ensured that no abnormal activity was observed after securing the compromised servers”.


ALSO READ | Air India Reports Massive Data Breach! Credit Card Details, Passport Info Of 4.5 Mn Customers Compromised


“We deeply regret the inconvenience caused and appreciate continued support and trust of our passengers,” the release added.


Stating this incident affected around 4,500,000 data subjects in the world, Air India said: “The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor.”


Air India said it received the first notification in this regard from the data processor on February 25.


What Air India Customers Are Advised To Do:


Soon after the cyber attack was reported, Air India, in its official statement, released guidelines for customers to ensure safety of their personal information.


All customers, who have recently booked ticket through Air India using their credit/debit card details are advised to change their passwords wherever applicable to keep their data safe.


Though, the airlines has ensured that no passwords of customers were affected in the data breach, it is still advised to change them at the earliest possible. 


ALSO READ | Petrol Price Breaches Rs 93 In Delhi, Close To Rs 100-Mark In Mumbai; Check Latest City Rates Here


It is to be noted that details including name, DOB, contact info, passport info, ticket info, Star Alliance and Air India frequent flyer dataand credit cards data were compromised in the attack.


“We would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 & 5.04.2021. The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website,” Air India added.


While the level and scope of sophistication is being ascertained through forensic analysis and the exercise is ongoing, SITA has confirmed that no unauthorised activity has been detected inside the system's infrastructure after the incident.


Air India along with the service provider is carrying out risk assessment and would further update as and when it becomes available.