One of India’s largest privately owned airlines, SpiceJet, has suffered a data breach exposing the personal information of over a million of its passengers.
According to a report by TechCrunch, a security researcher gained access to one of SpiceJet’s unencrypted database using a brute-force attack.
The database contained the private information of over 1.2 million passengers who flew with SpiceJet over the past month, including flight information, passenger names, phone numbers, email addresses, and dates of birth.
Among some of the passengers include state officials.
The researcher explained that the database was open and accessible for anyone who know where to look thus making the data extremely vulnerable to possible attacks by threat actors.
The researcher notified SpiceJet about the breach after accessing the data, to which no “meaningful” response was received.
India’s computer emergency response team CERT-IN was also notified about the breach, to which the government agency confirmed the breach and issued an alert to SpiceJet. SpiceJet has since secured the databa
A spokesperson for the airline said in a statement, “at SpiceJet, safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.”
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.