Air India hacking: What data got leaked, what not and how to stay safe

In a major cybersecurity incident, the personal data of 45 lakh Air India flyers worldwide has been leaked.

The entire personal database of Air India passengers registered over a period of nearly 10 years– between 26 August 2011 and 3 February 2021– has been hacked.

Here are all the details you need to know about the data leak and what you should do to stay safe.

How the data got hacked?

Air India in a statement to the media claimed that the SITA PSS data processor of the passenger service system, which is responsible for storing and processing of personal information of the passengers, was hit by a cyberattack.

What has leaked:

Personal data of customers including passport number 

Personal data of Air India flyers like name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data have leaked.


Flyers credit and debit card number  

Air India has confirmed that the credit and debit card details of affected users have leaked as well.


What has not leaked:

 CVV/CVC numbers of credit and debit cards have not leaked  

Fortunately, CVV/CVC numbers of cards are secured and haven’t leaked because these were not stored by the SITA PSS data processor.

No passwords leaked  

Also, no password data has leaked, as per Air India.


What affected customers need to do immediately to stay safe  

If you have ever booked an Air India flight then change all account passwords immediately. This includes passwords of internet banking and debit or credit card PINs. As a precautionary step, you may want to replace your debit or credit card with a new one from your bank. If that’s not possible, keep a tab on the transactions and ensure that you do not have a large amount of money in those bank accounts.


How customers whose data has leaked can be targeted by hackers and cybercriminals

Usually, after any database breach, phishing attempts follow. Do not click on random web links that you may receive over SMS or email. With this leaked data, you can expect to be a target of phishing attacks or other related scams. Also, remember that this data could be used by scammers in a different way to target you. Don’t entertain any unknown calls, SMS, WhatsApp messages or emails.


What not to do:

Beware of customer care scams  

If you get calls from a so-called customer care executive from Air India, your bank or any other company that claims to fix an issue with your account or talks about some credit card offers or protection plans, simply do not entertain such calls. With the amount of personal data the scammers have it is effortless for them to manipulate you into a bigger scam.


Don’t accept unknown packages from delivery executives  

The data leak contains your passport address, phone number, name and other personal data. A new type of scam includes a person, pretending to be a delivery executive, knocking at your door with a random package and forcing you to pay money for the same. This is the typical cash-on-delivery scam which includes the scammer manipulating and harassing you to pay for something that you haven’t ordered.


Don’t share passwords or OTP with anyone and pay attention to random OTP messages that you get  

If you get any calls or messages that ask for an OTP that you have received on your phone number simply know that it’s a scam. Never reveal any OTP to anyone apart from the service you have to use it for. If you get a lot of OTP requests from a certain domain that know that someone is trying to skim you.


What has Air India done so far  

Air India claims that it has secured the compromised servers and new users are safe. It is resetting passwords of the Air India FFP program and is notifying and liaising with the credit card issuers. While the airline is investigating the data security incident, Air India said that it is “engaging external specialists of data security incidents.”

Reference : Gadgets Now

Scroll to Top