Data Breach Case Study: Air India Airlines Cyberattack

A recent cyberattack has compromised Air India IT systems in February affecting the personal data of millions of people all across the globe. This cyberattack on Air India took the confidential data of its passengers who used Air India between August 26, 2011, and February 20, 2021. It happened on the SITA passenger service system and data of approximately 45 lakh passengers got compromised. It is being considered as one of the biggest data breaches in the airline industry.

What is SITA and its association with Air India?

A Switzerland-based technology company (SITA) specializes in Information Technology and Air transport communications. This is a company that initially started at a small scale consisting of just 11 airline members. With time the company grew and converted into a large-scale company. Now, it has more than 2500 customers in more than 200 countries. It provides services related to airline operations like reservation systems, passenger processing, etc.

For enabling Air India to join Star Alliance, it entered into a contract between 2017 for upgrading its IT infrastructure. SITA provided various facilities to Air India like baggage reconciliation system, departure control system, online booking engine, check-in, and automated boarding control, frequent flyer program, and many others.

Details of Air India Data Breach


In March, SITA flagged a cyber-attack as said by Air India. This attack occurred in February reported in March reveals the breach of confidential information of some passengers who used Air India airlines services. Data breaches not only happened with Air India but with other airlines as well and even other critical infrastructure are under constant cyberattacks. Like Singapore Airlines, Malaysia Airlines, Air New Zealand, Jeju Air.

SITA provided notification regarding the breach of data. The information compromised consists of passengers’ names, dates of birth, passport information, contact information, Star Alliance and Air India frequent flyer data, credit card details, ticket information, and many others. SITA confirmed that SITA does not hold CVV/CVC data. But Air India requested its customers to change their passwords to ensure extra safety of their data.

Air India Response to the Incident

  • Air India is one of the Indian Firms that openly disclosed the data breach. SITA has investigated a lot regarding the breach. Owing to this cyber attack and data breach, Air India took various measures. 
  • They secured the servers compromised. After this massive cyberattack, Air India engaged with external data security specialists to avoid the chances of occurrence of this kind of data breach in the future. This external specialist pays more attention to the data safety of its customers. 
  • Air India company also notified the credit card issuers. The breach and compromisation of customer’s credit card details. Though CVV/CVC details were not compromised. 
  • But still, Air India advised its customer to change their password for extra safety. Air India also ensured that there was no misuse of their confidential data.
  •  They even had a word with Indian regulatory agencies and Overseas regulatory agencies regarding the same issue. In a nutshell, Air India took extra measures to ensure the safety of their customers’ data and other confidential information.

Related posts

Leave a Comment