Latest Report On Current State of Air India After The Data Breach
In the last few months, India's leading airline, Air India, announced that it had been the
victim of a massive hack that affected up to 4.5 million passengers.
Unknown hackers had accessed their data, which included passport information
and some credit card information. A cybersecurity firm now claims, with
"moderate" confidence, that Air India was hacked by APT41, a well-known Chinese
government-sponsored espionage and cybercriminal cell. APT41, also known as
WICKED SPIDER (PANDA), Winnti Umbrella, and BARIUM, is suspected of
conducting state-sponsored espionage and financially motivated cybercrime in
China's interests.
The threat actor has been active since at least 2007, according to Group-IB's Threat
Intelligence & Attribution system. After establishing persistence in the network and
obtaining passwords, the attackers began moving laterally. The threat actor
gathered data from within the local network, including the names and addresses of
network resources. The hacked devices were located in multiple subnets, according
to Group-IB's Threat Intelligence & Attribution data, which could indicate that the
compromise touched distinct areas of Air India's network.
While the initial attack vector is unknown, the attack on Air India lasted at least 2
months and 26 days, according to Group-IB documents. The attackers spread Cobalt
Strike beacons across the airline's network in 24 hours and 5 minutes.
Air India has been sued by a flyer over the recent personal data leak of 4.5 million customers.
An Air India flyer has sought damages from the airline after the recent leak of personal
data of 4.5 million passengers including hers and her husband's.
A legal notice was sent to Air India management on Sunday by Ritika Handoo in which
she said that the airline informed her about the breach on June 1, her lawyer said.
Terming the breach a violation of her "right to be forgotten and informational
autonomy", she sought compensation of Rs 30 lakh.
Air India had acknowledged the breach in March but did not reveal any further details
about it. In its latest announcement, it moved to assure its passengers that there was no
evidence of “misuse” of the data but urged its customers to change their passwords to
ensure the security of their confidential information.
Air India, which assured its passengers that there was no evidence of any “misuse” of the
data, said it is in touch with regulatory agencies in India and abroad over the attack.
The airline also noted that it had engaged various data security specialists to look into
compromised servers and is also currently in talks with credit card companies to reset
the passwords of Air India's frequent flyer members.
References:
Air India Data breach: All you need to know. Google. Retrieved October 8, 2021, from https://www.google.com.ph/amp/s/www.hindustantimes.com/india-news/air-india-data-breach-all-you-need-to-know-101621647788771-amp.html.
Big Airline heist: Apt41 likely behind a third-party attack on Air India. Group. (n.d.). Retrieved October 8, 2021, from https://blog.group-ib.com/colunmtk_apt41.
India, P. T. of. (2021, July 4). Air India Flyer seeks damages over data breach of 4.5 million passengers. Business Standard. Retrieved October 8, 2021, from https://wap.business-standard.com/article/companies/air-india-flyer-seeks-damages-over-data-breach-of-4-5-million-passengers-121070400608_1.html.
Air India's massive data breach - following best practices for data security is more important than ever. Cryptomathic. Retrieved October 8, 2021, from https://www.cryptomathic.com/news-events/blog/air-indias-massive-data-breach-compliance-to-major-rules-of-data-security-of-more-important-than-ever.