4.5m customers' information leaked in massive Air India data breach

Data of around 4.5 million customers of the state-run Air India has been leaked following a massive cyber-attack on its data processor in February, the airline officials said Saturday.

The leaked data included customer information of credit cards, passports and phone numbers registered between August 26, 2011 and February 3, 2021, Air India said.

The airlines disclosed the scale of the breach nearly three months after it was first informed of it.

"While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021," Air India said in an e-mail to customers.

Air India said it had launched an investigation into the incident and took steps including securing the compromised servers, engaging external specialists of data security incidents, contacting credit card issuers and resetting passwords of its frequent flyer program .

"While we and our data processor continue to take remedial actions ... We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data," it said.