Skip to main content

SITA hack may have been worse than thought following Air India breach

representational image of a cloud firewall
(Image credit: Pixabay)

The data breach affecting airline data giant SITA is still having a damaging effect across the world, according to new disclosures about the hack.

Indian airline Air India has revealed that the personal data of around 4.5 million travellers was affected by the SITA hack, with information such as names, date of birth, contact information, passport information, frequent flyer and credit cards data number all affected.

Air India is now urging passengers registered between August 26 2011 and February 3 2021 to change passwords immediately to ensure their accounts are not further affected. The airline added that CVV/CVC numbers used for payment processing are not saved by SITA, so were not impacted.

SITA breach

As a result of the breach, Indian Airlines states that it has taken necessary steps to secure the data saved on the compromised servers and has engaged with “external specialists of data security incidents, contacting credit card issuers and resetting passwords of its frequent flyer programme.”

The breach follows a sophisticated and sustained series of attacks that were carried out on SITA over the course of several weeks. Along with Air India, the Geneva-based firm handles consumer data of various airlines, Singapore Airlines, Lufthansa, and United.

Almost a dozen different airlines had to inform passengers that some of their data has been accessed after an intruder managed to breach the SITA Passenger Service System (PSS) used to handle transactions from ticket reservations to boarding.

Via BleepingComputer