Air India on Friday reported a major cyberattack that led to a data leak of as many as 4.5 million passengers. Although the national carrier said that it’s investigating the incident, it is a major breach affecting passengers from around the world.

Also read: Major US pipeline forced to shut down after a cyber attack

Here is everything we know about the incident till now:

1) SITA PSS, Air India’s data processor of the passenger service system, which is responsible for storing and processing of personal information of the passengers, was subjected to a cyberattack.

2) Data of as many as 4.5 million passengers from around the world was affected.

3) The leak affected the personal data registered between August 26, 2011 and February 3, 2021.

4) Name, date of birth, contact information, passport information, ticket information of Star Alliance and Air India frequent flyer data and credit cards data were leaked.

5) Regarding credit cards, CVV/CVC numbers are not held by the data processor, Air India said.

6) The government-owned airliner was first informed about the cyberattack by SITA PSS on February 25, 2021.

7) Air India has, however, clarified that the identity of the affected data subjects was only provided to it on March 25 and April 4.

8) The airliner said it’s investigating the incident and is securing the compromised servers.

Also read: New modus operandi by fraudsters to withdraw money from ATMs

9) It is engaging external specialists of data security incidents and is notifying and liaising with the credit card issuers.

10) Air India has asked the passengers to change passwords wherever applicable to ensure safety of their personal data.