MUMBAI: Air India on Friday said it has suffered a massive cybersecurity attack targeting its servers by unknown hackers in which personal information of lakhs of passengers were leaked.

According to Air India, the data breach has affected around 45 lakh customers registered between August 26, 2011 and February 2, 2021 across the world. The data that have been compromised include names, credit card details, date of birth, contact information and ticket details. However, the airline clarified that no passwords or CVV/CVC numbers were leaked.

The attack targeted Geneva-based passenger system operator SITA that serves the Star Alliance of airlines including Air India, Singapore Airlines, Lufthansa and United.

“SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers,” Air India said in an email to customers. “This incident affected around 4,500,000 data subjects in the world.”

Air India said it had launched an investigation into the incident and took steps like securing the compromised servers, getting external data security specialists on board and resetting passwords. “While we and our data processor continue to take remedial actions…We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data,” the statement added.