On Sunday, an Air India passenger submitted a court notice claiming damages for the loss of personal data, her spouse, and herself along with 4.5 million passengers. For the data breach, Ritika Handoo, a Delhi-based journalist, has filed a Rs 30 lakh lawsuit against the airline. She claims the hack violated her “right to be forgotten” and “informational autonomy.”
According to PTI, Air India had alerted the complainant of the data loss a month prior, when it was revealed that its passenger service system supplier had been the victim of a cyberattack in February. According to Air India, the breach compromised roughly 45 lakh consumers who booked with the airline between August 26, 2011, and February 3, 2021, roughly three months after it was first notified of the incident, the breadth of the leak was revealed.
SITA, the passenger processing system that serves the Star Alliance of airlines, including Singapore Airlines, Lufthansa, British Airways, United Airlines, and Malaysia Airlines was the aim of the cyberattack.
In March, Air India confirmed the incident but did not provide any more information. It sought to reassure its passengers that there was no indication of “misuse” of the data in its most recent notification but advised them to change their passwords to safeguard the protection of their personal information.
The help of several data security experts was also taken to investigate the hacked servers, airline also stated that it has also enlisted it in discussions with credit card providers to change the passwords of frequent flyer members. Handoo sued Air India for “knowingly, deliberately, and deliberately leaking personal data and breaching sensitive information,” according to the notification.