In a major cyber security incident, personal data of 45 lakh Air India flyers worldwide has leaked. The entire personal database of Air India passengers registered over a period of nearly 10 years– between 26 August 2011 and 3 February 2021– has been hacked. Here are all details you need to know about the data leak and what you should do to stay safe.
How Air India got hacked
Air India in a statement to the media claimed that the SITA PSS data processor of the passenger service system, which is responsible for storing and processing of personal information of the passengers, was hit by a cyberattack.
What has leaked: Personal data of customers including passport number
Personal data of Air India flyers like name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data have leaked.
What has leaked: Flyers credit and debit card number
Air India has confirmed that credit and debit card details of affected users have leaked as well.
What has not leaked: CVV/CVC numbers of credit and debit cards has not leaked
Fortunately, CVV/CVC numbers of cards are secured and haven’t leaked because these were not stored by the SITA PSS data processor.
What has not leaked: No passwords leaked
Also, no password data has leaked, as per Air India.
What affected customers need to do immediately to stay safe
If you have ever booked an Air India flight then change all account passwords immediately. This includes passwords of internet banking and debit or credit card PINs. As a precautionary step you may want to replace your debit or credit card with a new one from your bank. If that’s not possible, keep a tab on the transactions and ensure that you do not have a large amount of money in those bank accounts.
How customers whose data has leaked can be targeted by hackers and cybercriminals
Usually after any database breach, phishing attempts follow. Do not click on random web links that you may receive over SMS or email. With this leaked data, you can expect to be a target of phishing attacks or other related scams. Also, remember that this data could be used by scammers in a different way to target you. Don’t entertain any unknown calls, SMS, WhatsApp messages or emails.
What not to do: Beware of customer care scams
If you get calls from a so-called customer care executive from Air India, your bank or any other company that claims to fix an issue with your account or talks about some credit card offers or protection plans, simply do not entertain such calls. With the amount of personal data the scammers have it is very easy for them to manipulate you into a bigger scam.
What not to do: Don’t accept unknown packages from delivery executives
The data leak contains your passport address, phone number, name and other personal data. A new type of scam includes a person, pretending to be a delivery executive, knocking at your door with a random package and forcing you to pay money for the same. This is the typical cash-on-delivery scam which includes the scammer manipulating and harassing you to pay for something that you haven’t ordered.
What not to do: Don’t share passwords or OTP with anyone and pay attention to random OTP messages that you get
If you get any calls or messages that ask for an OTP that you have received on your phone number simply know that it’s a scam. Never reveal any OTP to anyone apart from the service you have to use it for. If you get a lot of OTP requests from a certain domain that know that someone is trying to skim you.
What has Air India done so far
Air India claims that it has secured the compromised servers and new users are safe. It is resetting passwords of Air India FFP program and is notifying and liaising with the credit card issuers. While the airline is investigating the data security incident, Air India said that it is “engaging external specialists of data security incidents.”
