Hackers have stolen data on about 4.5 million Air India passengers around the world in the latest breach reported by a major airline.
Names, credit card numbers and passport information were among the data stolen, Air India said in a statement released late Friday.
The state-owned giant said it was “securing the compromised servers” and using “external specialists” on data security as well as working with credit card companies.
“We deeply regret the inconvenience caused and appreciate continued support and trust of our passengers,” the airline said.
Read more: Probe into Indian cyberattack on govt and military officials launched: ISPR
A number of airlines have been hit by data breaches in recent years. British Airways was fined $28 million last year by a British watchdog after details of 400,000 passengers were lost in a 2018 cyberattack.
Cathay Pacific was fined $700,000 after details of more than nine million clients were lost in 2018.
And low-cost carrier EasyJet said last year that hackers had taken the email and travel details of about nine million customers.
Air India announced in March that it had been informed in February by its data processing company, SITA PSS of a cyberattack.
Air India data breached in a major Cyber attack. Breach involves Passengers personal Information including Credit Card Info and Passport Details. Other Global Airlines are likely affected too.#airindia #CyberAttack @airindiain@rahulkanwal @sanket @maryashakil pic.twitter.com/XxUORgInJQ
— Jiten Jain (@jiten_jain) May 21, 2021
The breach involved personal data registered between August 2011 and February 2021, the airline said.
SITA, which provides IT backup to much of the aviation industry, said at the time that it had been the target of a “highly sophisticated attack” that had affected a number of airlines.
Air India is part of the Star Alliance coalition of airlines and SITA handles computer operations for its frequent flyer programme.
Read more: Is Pakistan’s cyber security strong enough to protect the country?
Other airlines in the alliance warned passengers in March of the cyberattack but most said only names and frequent flyer numbers had been accessed.
AFP with additional input by GVS News Desk