One of India’s largest privately owned airlines, SpiceJet, has suffered a data breach exposing the personal information of over a million of its passengers.
According to a report by TechCrunch, a security researcher gained access to one of SpiceJet’s unencrypted database using a brute-force attack.
The database contained the private information of over 1.2 million passengers who flew with SpiceJet over the past month, including flight information, passenger names, phone numbers, email addresses, and dates of birth.
Among some of the passengers include state officials.
The researcher explained that the database was open and accessible for anyone who know where to look thus making the data extremely vulnerable to possible attacks by threat actors.
The researcher notified SpiceJet about the breach after accessing the data, to which no “meaningful” response was received.
India’s computer emergency response team CERT-IN was also notified about the breach, to which the government agency confirmed the breach and issued an alert to SpiceJet. SpiceJet has since secured the databa
A spokesperson for the airline said in a statement, “at SpiceJet, safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/