The notice alleged that journalists’ information autonomy had been violated and that this was an invasion of their privacy.

Two journalists have sent Air India legal notice seeking compensation for a leak in the airline’s leaflet data, the Press Trust of India Press reported. The announcement was sent to the state-owned airline by Zee News Associate News Editor Ritika Handoo and PTI Legal Correspondent Pawan Singh by attorney Ashwani Kumar Dubey. MediaNama has received and checked a copy of the legal notice.

In May, a data breach at IT company SITA (a provider of Air India) exposed 4.5 million customer data. “We would like to inform you that SITA PSS, our data processor of the passenger services system (which is responsible for storing and processing passengers’ personal data) was recently exposed to a cybersecurity attack that resulted in the loss of personal data of certain passengers. Around 4,500,000 affected people worldwide were affected by this incident, ”said Air India. The information affected included the names of the flyers, their date of birth, their contact details, their passport numbers and travel dates.

Customer data “open for utilization”

The legal notice states that the data breach involved personal information that would result in “my client’s personal information being exposed to exploitation and other neglected vulnerabilities, regardless of the fact that my client’s privacy has already been breached due to your security failure “.

  • Contact details leaked: “This information is extremely personal as it includes my customers ‘date of birth, personal contact information such as my customers’ cell phone number and email ID (which my customers use for work and cannot change randomly),” says the Message .
  • Data is oil: “Data is seen as the new oil that has high economic value for advertisers / marketing etc and so it is very likely that the data gained from such a leak can be sold on the dark web. This could very likely lead to the cloning and creation of duplicates of passports, credit cards, forged ID cards, etc., ”the statement added, noting that similar incidents followed data breaches elsewhere. The press release stated that because of the leak, the journalists are constantly receiving spam and “cannot concentrate on their work because their security vulnerability means that they receive long unwanted calls”.
  • User data not saved: Regarding the airline’s privacy policy, which claimed to protect user and company data equally, the notice said, “It is clear that you have falsely stated that security services are of a high standard because it is the customer’s data which has been leaked and no other company data. ”The notice deceived this claim, saying that journalists’“ information autonomy ”has been violated and that this amounts to an invasion of their privacy guaranteed under Article 21 of the Constitution. This was made worse by journalists’ inability to control their personal information after the theft, the letter said.
  • Compensation sought: The notification states that, since the breach “has led to the loss of sensitive personal data of my customers, you, the terminations, are hereby liable for damages for the unlawful loss of informational autonomy of my customers, the loss of their privacy, the loss of dignity for loss of control over their data and for distress and psychological injuries for which I am calling you the terminations to my clients with an amount of Rs. 30,000,000 / – (only rupees thirty lakhs) within a period of 15 days the date of receipt of this notice. ”The notice stated that failure to comply would have“ serious legal consequences ”.

also read