The breach of passenger data at Air India may pose litigation risks for the airline that could further delay the privatisation process, warn experts, adding that the national carrier must prioritise efforts to contain the damage from the cyber attack by informing passengers about steps they can still take to prevent fraud.
In a press statement, the airline said that its passenger processing system, supplied by multi-national information technology company SITA, was a target of a sophisticated cyber attack on February 25. Nearly 45 lakh “data subjects” registered over a period of 10 years between August 2011 to February 2021 were affected around the world, including passengers of other airlines such as Singapore Airlines, Lufthansa, Cathay Pacific, United Airlines, among others. The attack was on SITA’s servers at its data centre in Atlanta, United States.
“A major impact it may have is that the current process of privatisation may go slow as there will always be fear of unquantified litigation risks. They (government) may be able to separate past versus future liabilities, but it opens up a new avenue for a discussion with potential bidders,” said Sivarama Krishnan, Leader-Asia Pacific, Cybersecurity, PwC.
The extent to which individual airlines were affected due to the cyber attack varied from one airline to another. Some airlines wrote to their passengers saying only passenger names and frequent flyer numbers were stolen. In the case of Air India, the theft pertained to “name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data (but no CVV data).”
Adopt remdial measures
Experts recommend that Air India must prioritise alerting its customers and asking them to take specific preventive steps, says Sanchit Gogia, ..
Support the originator by clicking the read the rest link below.
