IndiGo says its servers were hacked in December and warns that internal documents may be uploaded into the public domain. After hackers breached the airline’s servers, they were able to gain access to company documents that IndiGo fear will be released to the public.
Hackers launched an attack
IndiGo claims that some of its servers were ‘subject to a hacking incident’ earlier in the month. Although hackers were successful in their initial breach, IndiGo stated that it was able to mitigate the damage quickly.
In a press release, IndiGo said,
“We were able to restore our systems in a very short span of time with minimal impact.”
However, the hackers were still able to access sensitive information on the servers before IndiGo restored their systems. During this window of opportunity, the airline says it is highly likely the hackers were able to access internal documents that may find their way into the public domain.
“There is a possibility that some internal documents of the company may get uploaded by the hackers on public websites and platforms.”
How will IndiGo deal with the breach?
Data breaches can be extremely difficult to investigate, and with many attacks coming from overseas, legal boundaries and jurisdictions further complicate matters. According to its statement, the airline will co-operate with authorities and experts to get to the bottom of the incident, claiming,
“We realize the seriousness of the issue, and are continuing to engage with all relevant experts and law enforcement to ensure that the incident is investigated in detail.”
The airline appears to have done better than others to detect and shut down the breach before more damage was done. In other cases, cyber infiltrations have remained undetected for months, as was the case with the 2018 British Airways data breach. On that occasion, the airline only discovered the breach after a third-party cybersecurity expert alerted them.
Past data breaches in the industry
Cyberattacks on airlines are becoming a worryingly prevalent trend in the aviation industry. Several high-profile hacks have occurred in the last couple of years, including the British Airways data breach and details of over nine million easyJet customers. Other notable incidents include a Cathay Pacific hack in 2018, affecting 9.4 million customers, and a flaw in United Airlines’ website which exposed customer data.
Data breaches can have a significant financial and reputational impact on airlines, losing them valuable customers. Airlines are also at risk of fines from relevant authorities, especially if negligence was a contributing factor to the data breach. At one point, British Airways was fined a record £183 million after the 2018 hack, although this was later reduced to £20 million.
Do you think airlines need to do more to bolster their cybersecurity? Let us know in the comments.