Updated: May 26, 2021
Breaches are not new!, Many companies are potential targets of threat actors and, The same happened with SITA, Which included data breach of many airlines around the globe including Air India, The massive data leak was caused by a "sophisticated cyberattack" on Air India's passenger service system provider SITA (Société Internationale de Télécommunications Aéronautiques) SITA is based out of Geneva in Switzerland.
On march 4, SITA rolled out a notification on their website about a security incident, In that they confirmed a cyber attack, And highlighted that:
SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers.
Air India then released a notification to the passengers, confirming the breach by writing
This incident affected around 4,500,000 data subjects in the world.
Now the question is, Do they really lack in their cyber security assessments? Or the way they operate their cyber security is not up to the mark? What I personally think is cyber incidents can happen any time, You never know who is targeting you, You need to be proactive! Also what if you are already hacked and you don't know? Right assessments are to be performed! , Also in our personal experience, We found enterprises only relying on tools to figure out the right cyber security for them, Remember a tool with the right security guy is helpful in many situations!
I hope we learn lessons from such incidents! Because if we don't this will keep on happening!
Checkout bluefire redteam for our services!