It has emerged that a data breach that struck Indian IT operator SITA a few months back was likely a lot worse than originally thought, with new companies claiming to have suffered attacks as a result.
As reported by TechCrunch, Indian air company Air India has notified 4.5 million of its customers that their data may have been compromised, and urged them to take action.
In a statement, the company said passenger names, credit card details, birthdays, contact information, ticket data and passport data were all compromised, as well as data relating to Star Alliance and Air India frequent flyer programs.
While credit card CVV/CVC data was not held by SITA, Air India told its customers to change passwords “wherever applicable to ensure the safety of their personal data.” Whoever used Air India’s services in the past decade (from February 2011) may have been compromised.
A few months ago, SITA notified the public of a data breach, saying it reached out to Malaysia Airlines, Finnair, Singapore Airlines, Jeju Air, Cathay Pacific, Air New Zealand, and Lufthansa.
According to the TechCrunch report, SITA serves more than 90 percent of the world’s airlines, with India Express saying it has roughly 2,500 customers in more than 200 countries. The investigation into the breach is still ongoing, with an unnamed external security agency being brought in to analyze the situation and help with the mitigation.