{"id":5376,"date":"2021-05-24T16:54:41","date_gmt":"2021-05-24T20:54:41","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=5376"},"modified":"2021-05-24T16:54:41","modified_gmt":"2021-05-24T20:54:41","slug":"the-air-india-data-breach-expert-commentary-for-enterprises","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/","title":{"rendered":"The Air India Data Breach: Expert Commentary for Enterprises"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4578\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\" alt=\"The Air India Data Breach: Expert Commentary for Enterprises\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><b><i>Air India recently disclosed suffering a data breach which exposed the personally identifying information of 4.5 million customers.\u00a0<\/i><\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The breach exposed customers\u2019 names, dates of birth, contact information, passport information, frequent flyer data, and some credit card information. Although passwords were not affected by the attack, the airline advises all customers to change their passwords as an extra security precaution.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The disclosure of the Air India data breach comes three months after air transport data giant SITA disclosed its own breach; in fact, the two are related, as investigators continue to assess the damage. According to reports, customers that registered between August 26, 2011, and February 3, 2021, were affected.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We spoke to several <span style=\"text-decoration: underline\"><strong><a href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\">cybersecurity<\/a><\/strong><\/span> experts to learn more from the attack.\u00a0<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2021\/02\/Identity_Suggestion_Engine_Horiz_800.gif\" alt=\"IAM Solution Suggestion Engine\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<h2 style=\"text-align: justify\"><b>Air India Data Breach: Expert Commentary<\/b><\/h2>\n<h3 style=\"text-align: justify\"><b>Saryu Nayyar<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Saryu Nayyar (she\/her) is CEO of <\/span><\/i><a href=\"https:\/\/gurucul.com\/\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400\">Gurucul<\/span><\/i><\/a><i><span style=\"font-weight: 400\">.\u00a0<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cOnce again, cyber-criminals are flying off with millions of personally identifiable data of airline passengers, just in time for summer travel. The data stolen can be used in social engineering scams to steal even more from these victims. The breach of third party IT Supplier to Air India, SITA, is to blame for this incident and numerous other breaches as SITA services 90 percent of the world\u2019s airlines. I liken this to the Takata airbag recall in that most car manufacturers rely on Takata for their airbags. And most airlines rely on SITA for airport, border, and aircraft operations. It\u2019s overwhelming to realize a single supplier can take down an entire industry\u2026 no one ever heard of SITA or Takata before these incidents. And now we\u2019ll never forget them.&#8221;<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Rajiv Pimplaskar<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Rajiv Pimplaskar is CRO of <\/span><\/i><a href=\"https:\/\/www.veridiumid.com\/\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400\">Veridium<\/span><\/i><\/a><i><span style=\"font-weight: 400\">.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">&#8220;While the exact cause of the SITA data breach is not yet known, it is clear that loyalty accounts, such as frequent flier or hotel rewards programs are prime targets or \u201choneypots&#8221; for credential theft since they contain rich Personally Identifiable Information (PII).\u00a0 Further, loyalty accounts have less stringent rules around password resets or reuse as compared to financial services accounts employing multifactor authentication (MFA) methods thereby making it easier for credential harvesting and lateral movement.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cVerizon\u2019s Data Breach Investigations Report (DBIR) indicates that over 80 percent of data breaches use compromised credentials. Airlines and the hospitality industry need to accelerate their adoption of passwordless technologies such as \u201cphone as a token\u201d or FIDO2 security keys that eliminate this dependence on credentials. Passwordless authentication can reduce the attack surface of such breaches as well as limit the resulting data exposure. Finally, such authenticators have less friction and can be adopted by both employees and customers improving user experience and productivity.&#8221;<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Trevor Morgan<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Trevor Morgan is Product Manager at <\/span><\/i><a href=\"https:\/\/www.comforte.com\/\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400\">comforte AG<\/span><\/i><\/a><i><span style=\"font-weight: 400\">.\u00a0<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201c<\/span><span style=\"font-weight: 400\">Attackers often target central airline management systems. They present attractive targets because passenger data persists for booking management purposes over long periods of time. Passenger data is quite sensitive, too, including financial data, identity information, reservations, passports, and travel history data. Penetrating one of these systems presents a gold mine of information for attackers to hold hostage or sell.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">By its very nature, travel data is global and therefore falls under a myriad of privacy and data security regulations from GDPR to CCPA and beyond. Airline and travel companies need to get the message that they have an ethical responsibility and a legal mandate to do everything they can to protect passenger information. Bare minimum data protection just won\u2019t do. This data, especially, should always be protected with data-centric methods such as modern data tokenization or format-preserving encryption technology. These data security methods protect the data itself rather than the perimeters around or access to it. By obfuscating the sensitive parts of data with benign tokens, data-centric security deters attackers from leveraging any data they steal. As we can see with the SITA incident and its effect on Air India, passenger data is vulnerable to compromise and should be tokenized at first touch to head off any detrimental effects if it falls into the wrong hands. That way, no matter where the passenger\u2014or the data\u2014travels, the data remains secure.<\/span><span style=\"font-weight: 400\">\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><div class=\"hr hr\"><\/div><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Thanks to these experts for their time and expertise on the Air India Data Breach. For more, check out the <span style=\"text-decoration: underline\"><strong><a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener\">Identity Management Buyer\u2019s Guide<\/a><\/strong><\/span> and the <span style=\"text-decoration: underline\"><strong><a href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\">Solutions Suggestion Engine<\/a><\/strong><\/span>.\u00a0<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2021\/02\/Identity_Suggestion_Engine_Horiz_800.gif\" alt=\"IAM Solution Suggestion Engine\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Air India recently disclosed suffering a data breach which exposed the personally identifying information of 4.5 million customers.\u00a0 The breach exposed customers\u2019 names, dates of birth, contact information, passport information, frequent flyer data, and some credit card information. Although passwords were not affected by the attack, the airline advises all customers to change their passwords [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4578,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,1696,125,16,11,112,1204,76,425],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Air India Data Breach: Expert Commentary for Enterprises<\/title>\n<meta name=\"description\" content=\"Air India recently disclosed suffering a data breach which exposed the personally identifying information of 4.5 million customers.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/\",\"name\":\"The Air India Data Breach: Expert Commentary for Enterprises\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\",\"datePublished\":\"2021-05-24T20:54:41+00:00\",\"dateModified\":\"2021-05-24T20:54:41+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Air India recently disclosed suffering a data breach which exposed the personally identifying information of 4.5 million customers.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\",\"width\":800,\"height\":400,\"caption\":\"UN Data Breach: Expert Commentary on a High-Profile Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Air India Data Breach: Expert Commentary for Enterprises\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Identity and Access Management Solutions | Solutions Review\",\"description\":\"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Air India Data Breach: Expert Commentary for Enterprises","description":"Air India recently disclosed suffering a data breach which exposed the personally identifying information of 4.5 million customers.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/","url":"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/","name":"The Air India Data Breach: Expert Commentary for Enterprises","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg","datePublished":"2021-05-24T20:54:41+00:00","dateModified":"2021-05-24T20:54:41+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Air India recently disclosed suffering a data breach which exposed the personally identifying information of 4.5 million customers.\u00a0","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg","width":800,"height":400,"caption":"UN Data Breach: Expert Commentary on a High-Profile Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/the-air-india-data-breach-expert-commentary-for-enterprises\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"The Air India Data Breach: Expert Commentary for Enterprises"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Identity and Access Management Solutions | Solutions Review","description":"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5376"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=5376"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5376\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4578"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=5376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=5376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=5376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}