KOCHI: Though no data misuse has been reported following the breach of Air India database leading to the leak of personal and card information of 45 lakh passengers across the world, cyber experts have recommended users to remain cautious. Experts fear that even personal details of people working in sensitive establishments under Government of India might be leaked following the data breach.
Nandakishore Harikumar, CEO of Kochi-based private cyber security agency Technisanct Technologies, said that there is a possibility of these data landing in dark web. Back in 2019, Technisanct had exposed a data breach of Malaysian Airlines in which details of over 30 million passengers were leaked. “Even though Air India claims that there is no misuse reported yet, passengers must be careful as their personal details have been leaked.
In some international online platforms, financial transactions don’t require any CVV number of debit/credit cards. Instead, the transaction can be made using the card number, name on the card and expiry date. It can lead to financial frauds like ‘carding.’ Apart from it, with card details, online fraudsters can launch phishing attacks as card and personal details of a person are already with them,” he said.
Another major concern flagged by experts is that as the data breach happened in Air India, even personal details of those working in sensitive organisations will be available to fraudsters. “Air India is widely used by persons working in sensitive organisations like Indian Armed Forces and research organisations. As passport details of 45 lakh people were leaked, there is a security threat which cannot be ruled out,” he said. A senior officer working with Kerala Police’s cyber dome said it is a rare case that an airline admitted a data breach. Usually fearing adverse effects on the reputation of the brand, such breaches are not made public. He said anyone who suspects that his/her personal information, card details, email address, airline account, contacts and passport details have been leaked, should take precautionary measures.
“The dumps of the Air India data breach are yet to hit the dark web. That doesn’t mean that it won’t be available at the dark web in future. People who believe their personal information has been leaked should immediately apply for a new credit/debit card. If they have any online airline account, the passwords should be changed. Similarly, people should be cautious of phishing attacks and should not access any unwanted emails and online links,” he said.
He added that, in recent years the dark web is facilitating financial frauds, especially carding. “There are thousands of card details available at the dark web for sale. As technology has advanced, people should also be careful in using it as well,” he said.