Hack of IT provider exposes data on 4.5 million Air India passengers

The investigation into the hack of IT provider SITA has revealed one of its biggest victims yet.

Data on 4.5 million Air India passengers was compromised in a hack of a major IT provider to the airline industry, Air India announced last week.

The initial breach of the IT provider, SITA — disclosed in March — affected numerous airlines from Lufthansa to Cathay Pacific, but the investigation has now revealed one of its biggest victims yet in India’s flagship air carrier.

The breach covers nearly a decade of data on Air India passengers, and includes passport, ticket and credit card information, Air India said in a statement.

Air India said it has secured the hacked servers, notified credit card firms of the breach and reset passwords for frequent flyer accounts. The airline also advised passengers to change their own passwords where applicable.


“[O]ur data processor has ensured that no abnormal activity was observed after securing the compromised servers,” the statement said.

It is still unclear who is behind the hack of SITA, a Switzerland-based IT services firm that airlines around the world use to manage reservations. In March, a SITA spokesperson told CyberScoop the investigation was ongoing, adding: “We do not speculate about potential attackers or motives publicly.”

A SITA spokesperson reiterated that statement on Monday.

The airline industry faces distinct threats from cybercriminals interested in profiting from stolen payment data and state-linked hackers keen on tracking passenger movements. In the former category, prolific scammers who use an attack technique known as Magecart compromised the British Airways website in a 2018 breach affecting hundreds of thousands of passengers.

Meanwhile, hackers linked to multiple countries’ intelligence services have probed the aviation industry for access to high-value targets. One of the more recent examples came in January, when researchers said a Chinese-linked group had stolen passenger records at unnamed airline carriers.


Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
