Air India has disclosed that the data of around 4.5 million of its passengers was stolen following a cyber attack on global aviation industry IT supplier SITA three months ago, in a statement by the airline. The breach involved personal data spanning almost 10 years, from 26 August 2011 to 3 February 2021, including name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, and credit card data. No frequent flyer passwords or CVV/CVC data were stolen, however, as this information was not held by SITA. While the SITA cyber attack was first discovered at the end of February, Air India said it only understood the severity of the cyber attack last month. When the cyber attack was disclosed, SITA said Star Alliance and One World airlines were affected. Alongside Air India, this included Finnair, Japan Airlines, Jeju Air, Lufthansa, Malaysia Airlines, Air New Zealand, Cathay Pacific, and Singapore Airlines.