Air India Hacked and the Data of 4.5 Million Passengers Leaked

Last updated September 28, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

Air India, the government-owned airline that serves over 102 domestic and international destinations, has confirmed that it has been affected by the SITA (Société Internationale de Télécommunications Aéronautiques) incident that was disclosed in March. More specifically, Air India was one of the many airlines using SITA’s Passenger Service System, which was compromised by sophisticated actors back in February 2021.

In Air India's case, the actors managed to access and exfiltrate data corresponding to 4.5 million passengers, spanning between August 26, 2011, and February 3, 2021.

The types of data that have been compromised include the following:

In the notification distributed to the exposed customers, Air India also clarifies that no passports were stored in the compromised software. However, registered members are still advised to reset their passwords out of an abundance of caution. For more information on how this incident affects you specifically, you may call 0124-2641415 or send an email to [email protected].

SITA’s security lapse has affected many international airlines and their customers, including Lufthansa, Air New Zealand, Singapore Airlines, SAS, Cathway Pacific, Jeju Air, Malaysia Airlines, American Airlines, and Finnair. Considering that the Star Alliance network (which relies on SITA solutions) counts 26 members, there could be more airlines that are still carrying out their internal investigation at the moment.

In general, if you’re a member of a frequent flyer rewards program in any airline, the chances of your details having been compromised are significant. So far, no info about who was behind the SITA hack have been published, so the origin, indicators of compromise, and motivation of the actors remain unknown or simply undisclosed.

Air India is further investigating with the help of external cybersecurity experts and is taking steps to secure the compromised servers for future incidents of this type. If you have received a notice from the airline, reset your password on the platform and anywhere else you could be using the same credentials, treat all incoming communications with care, and report any scamming or phishing attempts against you to the authorities.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: