The state-owned giant said names, credit card numbers and passport information were among the data stolen, adding that the breach involved personal data registered between August 2011 and February 2021.
Hackers have stolen data from about 4.5 million Air India passengers around the world in the latest breach reported by a major airline.
Names, credit card numbers and passport information were among the data stolen, Air India said in a statement released late Friday.
The state-owned giant said it was "securing the compromised servers" and using "external specialists" on data security as well as working with credit card companies.
"We deeply regret the inconvenience caused and appreciate continued support and trust of our passengers," the airline said.
Data breach this year till today:— Anshul Saxena (@AskAnshul) May 21, 2021
1. Air India
Note: In respect of credit cards data, CVV/CVC numbers are not held by Air India's data processor.
2. Domino's India
Many companies don’t even inform when they suffer data leak.
Frequent breaches against against flight companies
A number of airlines have been hit by data breaches in recent years.
British Airways was fined $28 million last year by a British watchdog after details of 400,000 passengers were lost in a 2018 cyberattack.
Cathay Pacific was fined $700,000 after details of more than nine million clients were lost in 2018.
And low-cost carrier EasyJet said last year that hackers had taken the email and travel details of about nine million customers.
Personal data registered 2011 and 2021 accessed
Air India announced in March that it had been informed in February by its data processing company, SITA PSS of a cyberattack.
The breach involved personal data registered between August 2011 and February 2021, the airline said.
SITA, which provides IT backup to much of the aviation industry, said at the time that it had been the target of a "highly sophisticated attack" that had affected a number of airlines.
Air India is part of the Star Alliance coalition of airlines and SITA handles computer operations for its frequent flyer programme.
Other airlines in the alliance warned passengers in March of the cyberattack but most said only names and frequent flyer numbers had been accessed.