Air India Data Breach


    In News

    In News

    Recently, in a cyber-attack on Air India’s data processor, 10 years worth of the national carrier’s customer data have been leaked.

    About the Data Breach

    • The incident affected around 45 lakh data subjects in the world and pertained to personal data registered between August 2011 and February 2021.
    • Air India’s passenger service system provider, SITA, faced a sophisticated cyberattack in February 2021.
      • The attack was on SITA’s servers at its data centre in Atlanta, US.
    • The details include name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data and credit card data.
    • Air India assured its passengers that there was no evidence of any misuse of the data and even though no passwords data were affected.
    • Implications
      • The breach may pose litigation risks for the airline that could further delay the privatisation process.
      • The current process of privatisation may go slow as there will be fear of unquantified litigation risks and the incident provides for a new issue for a discussion with potential bidders.

    Remedial Measures

    • Investigation of the data security incident.
    • Advised customers to change their passwords.
    • Securing the compromised servers.
    • Engaging external data security specialists.
    • Notifying the credit card issuers.
    • Resetting the passwords of Air India frequent flyer programmes.
    • Prioritise efforts to contain the damage and prevent further frauds.

    About SITA 

    • It is a Switzerland-based technology company specialising in air transport communications and information technology.
    • It was started by 11 member airlines and now has over 2,500 customers in more than 200 countries.
    • It offers services such as passenger processing, reservation systems, etc.
    • Air India had entered into a deal with SITA in 2017 to upgrade its IT infrastructure to enable it to join Star Alliance.
      • Star Alliance is the world’s largest global airline alliance. It was founded in May 1997 and its headquarters is located in Frankfurt am Main, Germany.
    • SITA Passenger Service System is responsible for storing and processing of personal information of the passengers.
    • At Air India, SITA also implemented an online booking engine, departure control system, check-in and automated boarding control, baggage reconciliation system and the frequent flyer programme.
    Cyber Attack

    • It is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks.
    • It can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks.
    • It targets computer information systems, infrastructures, and computer networks.
    • Cyberwarfare: It is the use of digital attacks or computer- or network-based conflict to attack a nation, causing harm to actual warfare and/or disrupting the vital computer systems, infrastructure, etc.
      • In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or nation-states, especially for strategic or military purposes and cyberespionage.
    • Tools of Cyber Attacks
      • Malware: It is a malicious software to disrupt computers and can include Virus, Spyware, Trojans, etc.
      • Phishing: It is the method of trying to gather personal information using deceptive e-mails and websites.
      • Denial-of-Service (DoS) Attack: It shuts down a machine or network, making it inaccessible to its intended users.
      • Hacktivism: It is misuse of a computer system or network for a socially or politically motivated reason.
      • Social Engineering: It is the term used for a broad range of malicious activities accomplished through human interactions enticing users to provide confidential information.
    • Impact of Cyber Attacks
      • Economic Costs: This involves theft of intellectual property, corporate information, disruption in trading and the cost of repairing damaged systems.
      • Reputational Costs: This includes loss of consumer trust and loss of future customers to competitors due to poor media coverages.
      • Regulatory Costs: GDPR and other data breach laws can impact an organization to suffer from regulatory fines or sanctions due to these cybercrimes.

    (Image Courtesy: GL)

    (Image Courtesy: CT)

    Safeguards Available In India Against Cyber Threats

    • Information Technology Act, 2000 (Amended in 2008): It is the main law for dealing with cybercrime and digital commerce in India.
    • National Critical Information Infrastructure Protection Centre: It was created under Section 70A of IT Act 2000 to protect cyber-infrastructure.
    • Cyber Emergency Response Team, India (CERT-In): It is the national nodal agency for Cyber Security and is Operational since 2004.
    • National Cyber Security Policy, 2013: The policy provides the vision and strategic direction to protect the national cyberspace.
    • Cyber Swachhta Kendra: Cyber Swachhta Kendra helps users to analyse and keep their systems free of various viruses, bots/ malware, Trojans, etc.
    • Indian Cyber Crime Coordination Centre (I4C): Launched in 2018, It is an apex coordination centre to deal with cybercrimes.
    • Cyber Surakshit Bharat: It was launched by the Ministry of Electronics and Information Technology (MEITy) in 2018 with the aim to spread awareness about cybercrime and building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
    • Cyber Warrior Police Force: It was organised on the lines of the Central Armed Police Force (CAPF) in 2018.

    Source: TH