The Indian flag carrier Air India Ltd. has revealed that the personal data of some 4.5 million of its customers were stolen following an attack on information technology services company SITA in March.
Stolen data includes passenger names, credit card details, dates of birth, contact information, ticket information, and frequent flyer information. The airline noted that the passwords were not affected. The stolen data covers passengers who traveled with the airline between August 2011 and February this year.
Air India said in a recent statement that it had reported over the weekend that it had taken action since learning of the breach for the first time, including launching an investigation, securing compromised servers, hiring of third-party specialists, notification and liaison with credit card issuers and resetting passwords of the Air India frequent flyer program.
SITA is a multinational information technology company that serves 400 members and 2,800 customers in the transportation industry and claims to serve 90% of the world’s airlines. The attack was only described as a cyberattack with no details on the form of the attack. TechCrunch then reported that airlines such as Malaysia Airlines Berhad, Finnair Oyj, Singapore Airlines Ltd., Jeju Air Co. Ltd., Air New Zealand Ltd., Cathay Pacific Airways Ltd., Deutsche Lufthansa AG and United Airlines Inc. for the incident.
“Once again, cybercriminals fly with millions of personally identifiable airline passenger data, just in time to travel in the summer,” Saryu Nayyar, executive director of the unified security company, told SiliconANGLE. risk analysis Gurucul Solutions Pvt Ltd. AG. “The stolen data can be used in social engineering scams to steal even more from these victims.”
Rajiv Pimplaskar, director of revenue for authentication platform provider Veridium Ltd., noted that while the exact cause of the non-compliance with SITA data is not yet known, it is clear that loyalty accounts, such as now frequent travelers or hotel rewards programs, are main targets of theft credentials as they contain rich personal identifying information.
“In addition, loyalty accounts have less stringent rules regarding the reset or reuse of passwords compared to financial services accounts that use multifactor authentication methods, which facilitates credential collection and side movement,” he said. add Pimplaskar. “Airlines and the hospitality industry need to accelerate the adoption of password-free technologies, such as ‘phone as a token’ or FIDO2 security keys that eliminate this reliance on credentials.”
Photo: Masakatus Ukon / Wikimedia Commons
Since you are here …
Show your support for our mission by subscribing to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant business and emerging technology content. Thanks!
We support our mission: >>>>>> SUBSCRIBE NOW >>>>>> on our YouTube channel.
… We would also like to tell you about our mission and how you can help us accomplish it. The business model of SiliconANGLE Media Inc. it is based on the intrinsic value of content, not advertising. Unlike many online publications, we do not have a pay wall or publish banners because we want to keep our journalism open, without influence or need to pursue traffic.Journalism, reporting, and commentary on SiliconANGLE, along with live, unscripted video from our Silicon Valley studio and balloon trotting video equipment at elCUB – Take a lot of work, time and money. To maintain high quality, we need the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like reports, video interviews, and other ad-free content here, take a moment to see a sample of video content supported by our sponsors. tweet your support, and keep going back to SiliconANGLE.