Air India data breach

Last updated

The 2021 Air India cyberattack was a cyberattack that affected more than 4.5 million customers of Air India airlines. [1]

Contents

Cyberattack

On 21 May 2021, it was reported that Air India was subjected to a cyberattack whereas the personal details of about 4.5 million customers around the world were compromised including passport, credit card details, birth dates, name and ticket information. [2] [3] [4]

Air India's data processor, SITA which is a Swiss technology company known for offering passenger processing and reservation system services reported the data breach to Air India in around February 2021. [3] The data breach involved all information which was registered in the SITA data processor between 26 August 2011 and 20 February 2021. [5] [6] [7] It was also revealed that the cyberattackers gained access to the systems for a period of 22 days. [8]

It was reported that the compromised servers by the hackers were later secured and Air India took steps by engaging external data security specialists. Air India also guaranteed its passengers that there was no conclusive evidence on whether any misuse of the personal data has been reported. The airlines also urged and encouraged the passengers to immediately change their passwords. [9]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Cyberwarfare by China is the aggregate of all combative activities in the cyberspace which are taken by organs of the People's Republic of China, including affiliated advanced persistent threat groups, against other countries.

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).

<span class="mw-page-title-main">2014 JPMorgan Chase data breach</span> Cyberattack against an American bank

The 2014 JPMorgan Chase data breach was a cyberattack against American bank JPMorgan Chase that is believed to have compromised data associated with over 83 million accounts—76 million households and 7 million small businesses. The data breach is considered one of the most serious intrusions into an American corporation's information system and one of the largest data breaches in history.

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR), a view shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.

The city of Atlanta, Georgia was the subject of a ransomware attack which began in March 2018. The city recognized the attack on Thursday, March 22, 2018, and publicly acknowledged it was a ransomware attack.

The 2018 SingHealth data breach was a data breach incident initiated by unidentified state actors, which happened between 27 June and 4 July 2018. During that period, personal particulars of 1.5 million SingHealth patients and records of outpatient dispensed medicines belonging to 160,000 patients were stolen. Names, National Registration Identity Card (NRIC) numbers, addresses, dates of birth, race, and gender of patients who visited specialist outpatient clinics and polyclinics between 1 May 2015 and 4 July 2018 were maliciously accessed and copied. Information relating to patient diagnosis, test results and doctors' notes were unaffected. Information on Prime Minister Lee Hsien Loong was specifically targeted.

The EasyJet data breach was a cyberattack on the computer systems of British airline EasyJet.

Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto. With over 690 million internet subscribers and growing, India has increasingly seen a rise in data breaches both in the private and public sector. This is a list of some of the biggest data breaches in the country.

<span class="mw-page-title-main">2020 United States federal government data breach</span> US federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

ShinyHunters is a criminal black-hat hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

Lapsus$, stylised as LAPSUS$ and classified by Microsoft as Strawberry Tempest, was an international extortion-focused hacker group known for its various cyberattacks against companies and government agencies. The group was globally active, and has had members arrested in Brazil and the UK.

The 23andMe data leak was a data breach at personal genomics company 23andMe reported in October 2023. The cyberattack gathered profile and ethnicity information from millions of users. The affected customers were reported as primarily Ashkenazi Jews but also including hundreds of thousands of ethnically Chinese users. The hacker(s) stole information customers had chosen to share with their DNA matches, which could include name, profile photo, birth year, location, family surnames, grandparents' birthplaces, ethnicity estimates, mitochondrial DNA haplogroup, Y-chromosome DNA haplogroup, link to external family tree, and any text content a customer had optionally included in their "About" section. On December 4, 2023, the company confirmed that the hacker(s) had illicitly accessed data on approximately 6.9 million users.

References

  1. "Air India cyber-attack: Data of millions of customers compromised". BBC News. 22 May 2021. Retrieved 23 May 2021.
  2. "Cyber-Attack on Air India Led to Data Leak of 4.5 Million Fliers". Bloomberg. Retrieved 23 May 2021.
  3. 1 2 "Explained: What is the data breach that has hit Air India customers?". The Indian Express. 22 May 2021. Retrieved 23 May 2021.
  4. "Air India cyberattack: Personal data of over 4.5 million passengers leaked". The Irish Times. Retrieved 23 May 2021.
  5. "Air India flyers' data leaked after cyberattack, 45 lakh affected". The Indian Express. 22 May 2021. Retrieved 23 May 2021.
  6. "Air India: Hackers stole personal data of 4.5M people in cyber attack". Air India: Hackers stole personal data of 4.5M people in cyber attack. Retrieved 23 May 2021.
  7. "Air India data breach: Personal info of 45 lakh people leaked due to 'cyberattack'". The Economic Times. 22 May 2021. Retrieved 23 May 2021.
  8. Sinha, Saurabh (22 May 2021). "Air India data breach: SITA says cyber attackers 'accessed some systems for 22 days at Atlanta centre'". The Times of India. Retrieved 23 May 2021.
  9. "Air India data breach: All you need to know". Hindustan Times. 22 May 2021. Retrieved 23 May 2021.

See also

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.