Image Credit: Wikipedia Creative Commons

A massive cyberattack on ‘Sita’, the IT giant which operates data processing for over 90% of the global aviation industry, has also engulfed India’s national carrier, Air India. In a statement released today, Air India confirmed that personal data of over 4.5 Million travellers, including credit card details, has been leaked. In a statement released back in March, Sita termed the cyberattack, “a highly sophisticated” one.

While the attack was confirmed by Sita in early-March, it is only now that Air India has informed its passengers of the same. While the airline says that it was informed late of the attack, passengers were noticeably angered, considering that the time to change passwords and salvage some information, has perhaps elapsed.

Sita, the Geneva-based company that runs passenger processing systems for airlines such as ticketing and baggage control, said the incident occurred on 24 February. Sita took “immediate action” to contact affected customers and all related organisations, Sita said in a statement.

“We recognise that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.

“Sita acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by Sita’s security incident response team with the support of leading external experts in cyber-security.”

In a statement released today, Air India said, “The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor,”