AIR INDIA HACKED
Beleaguered as much it can be, it has literally been carrying the government officials to the physical destinations in India and aboard. They come to our rescue in any calamity needing evacuation and for other national efforts too. Air India has done yeomen service for evacuating Indians across the globe and maintaining air bubbles during the pandemic. The pilots have been our frontline warriors. The commercial health of the airline is no secret and it’s even extremely difficult to find a buyer too, the selloff plan has been a pipedream for long. Recent data hack has added to its worries. Given the second surge of the pandemic, understandably the reactions have been muted. Undeniably, it is sad commentary on data security systems in place.
These have been user data, the hack or the compromise of it could not have been hidden beyond this point. We have absolutely no idea if non-passenger data has also been compromised and with what impact. Not understanding the full gamut of technological paradox and hackers ill designs even after knowing of it, can never be an excuse in case of a bigger tragedy happening in the near future. Despite popular perception to the contrary, Cyber attacks of every kind have been looming large all around us. We had Jawahar Nehru Port Trust a few years back, SBI database hack, malware getting installed at India’s premier nuclear power plant, NIC breach et al. Twitter account for the personal website of the Indian Prime Minister was also hacked last year. Though banned in the right earnest, we have no idea what damage the Chinese apps have inflicted on us data wise.
Data is an asset class, only one which is not only for wealth creation, but for all nefarious activities inclusive of war. Coming back to the instant Air India case, *the hackers were able to access the systems for 22 days. Another startling fact is that data is not stored in India. What is lost is only one part of the story, the more startling fact is that we don’t have capabilities to run our own Airlines IT systems. There is always a data processor, an outsourced agent, who finally becomes the owner of our data. The nature of control on its own data would never have been a matter of concern for Air India. Outsourcing is the name of the game and then wash off your responsibility and keep relaying the data processor messages.
SITA PSS which runs the show had stored the data in its data center in Atlanta, Georgia. It was a highly sophisticated cyber attack. The Colonial Pipeline hack we have heard of recently and before that the SolarWinds. This is an attack on the enmeshed US digital critical infrastructure of which we are also facing an impact. AI says, ”the customer data base registered in almost a decade of 45 lakh passengers – including their name, date of birth, contact information, passport information, frequent flyer and credit card data was breached.” Does Air India have the wherewithal to audit the data which has been compromised? Or whatever SITA says is final. What efforts has Air India made to improve data protection since the onset of the pandemic, when such attacks became very likely. We are becoming a data compromised nation.
IF YOU CAN’T PROTECT CUSTOMER DATA, YOU HAVE NO RIGHT TO BE IN BUSINESS.