The UK’s knowledge safety regulator is investigating the leak of Air India’s passenger knowledge which has impacted 4.5 million prospects globally.
India doesn’t have a particular knowledge safety legislation and a invoice on the topic is pending in Lok Sabha since 2019. Nevertheless, European Union and UK legal guidelines require airways to place in place measures for knowledge safety and report circumstances of information breach to regulators within the continent inside 72 hours of changing into conscious of it. Non-compliance or negligence can lead to steep fines.
“Air India has reported an incident to us and we’re investigating. Anybody who is worried about their private knowledge ought to contact the airline first. If they’re nonetheless not happy they’ll convey their considerations to the ICO,” mentioned a spokesperson of the Data Commissioner’s Workplace, the UK’s knowledge safety regulator.
In a Could 15 notification to passengers Air India knowledgeable that non-public knowledge of 4.5 million prospects was impacted following a cybersecurity assault on the servers of SITA, which supplies passenger service techniques to the airline.
This included private knowledge registered between August 2011 to February 2021 and contains passenger names, date of delivery, contact info, passport info, ticket info, frequent flyer and bank card knowledge.
Whereas the airline obtained an intimation of the cybersecurity assault on February 25, it mentioned the identification of the affected prospects was made out there by SITA on March 25 and April 5.
Although the airline is going through criticism for delay in informing passengers, an aviation supply aware of the matter mentioned Air India undertook the required steps in accordance with legislation.
“As quickly because the airline turned conscious of the information breach it reported the incident to all of the regulators in Europe and different geographies in 72 hours. The airline has additionally engaged attorneys abroad following the incident to advise it on future actions. As of now there isn’t a report of any antagonistic occasion or misuse of passenger bank cards,” the supply
Air India didn’t reply to an e mail question on the subject.
Earlier the airline mentioned it has taken varied steps following the incident together with an investigation. It mentioned compromised servers have been secured and exterior knowledge safety specialists have been engaged. It has additionally liaised with bank card issuers.