
Internship Report Task 1

The Air India data breach in May 2021 compromised the personal data of approximately 4.5 million customers due to vulnerabilities in the systems managed by third-party vendor SITA. The breach resulted in significant financial, legal, and reputational damage to Air India, highlighting the risks associated with third-party dependencies and insufficient cybersecurity measures. The report outlines the breach's discovery, the methods used by attackers, and lessons learned for improving future cybersecurity practices.

Uploaded by

prem.jumbad

NULL CLASS EDTECH PRIVATE LTD.

INTERNSHIP REPORT : TASK 1

RESEARCH ON THE AIR INDIA DATA BREACH


(MAY 2021)

BY RITESH RAKSHE
CYBER SECURITY INTERN
NULL CLASS LTD.
CONTENTS :-

• INTRODUCTION
• BACKGROUND
• HOW THE BREACH OCCURRED
• VULNERABILITIES EXPLOITED
• METHODS USED BY ATTACKERS
• IMPACT OF BREACH
• HOW THE BREACH WAS DISCOVERED AND
MITIGATED
• LESSONS LEARNED
• IF I WERE IN CHARGE
• CONCLUSION
• REFERENCES
INTRODUCTION :-
This report analyzes a major cybersecurity breach I researched, focusing on its background,
how it occurred, the vulnerabilities exploited, and the methods used by the attackers. I will
examine the impact on the organization, its customers, and stakeholders, including financial,
legal, and reputational damage. The report also covers how the breach was discovered and the
mitigation steps taken. Additionally, in the section "If I were in charge," I provide my
analysis of how the breach could have been handled differently, with a focus on prevention
and response strategies. This report aims to offer insights into the complexities of
cybersecurity breaches and the lessons learned.

The Air India Data Breach (May 2021)

BACKGROUND :-
Air India is India’s flagship airline, founded in 1932 and now part of the Tata Group. It
operates domestic and international flights, connecting India to major global destinations, and
is known for its extensive network and in-flight services.

The Air India data breach occurred in May 2021, when the personal data of approximately
4.5 million customers was compromised. Air India, one of India’s largest international
airlines, provides a wide range of air travel services, including both domestic and
international flights. The breach was a result of a cyberattack on the data management system
operated by Air India’s third-party vendor, SITA, which provides IT services to airlines
globally.

The data that was exposed included sensitive customer information such as names, contact
details, passport numbers, and credit card information. The breach affected passengers who
had booked tickets with Air India between 2011 and 2021. The data was accessed by hackers
through a vulnerability in the SITA servers, which were used for handling passenger service
systems, including booking and check-in processes.
HOW THE BREACH OCCURRED
In May 2021, Air India confirmed a significant data breach that compromised the personal
information of approximately 4.5 million customers. This incident is notable not only for its
scale but also for the implications it has on data security within the airline industry and
beyond.

Timeline of Events
• February 25, 2021: Air India was first notified of a cybersecurity incident involving
its data processor, SITA (Société Internationale de Télécommunications
Aéronautiques), which manages the airline's Passenger Service System (PSS) that
stores customer data.
• March 25 and April 5, 2021: Air India learned the identities of affected passengers
and the extent of the data compromised.
• May 21, 2021: The breach was publicly disclosed, revealing that hackers had
accessed sensitive information over a period of 22 days.

Nature of the Breach

The breach involved unauthorized access to the systems managed by SITA, affecting data
collected between August 26, 2011, and February 20, 2021. The compromised data included:
• Personal Information: Names, dates of birth, contact details.
• Travel Information: Passport details and ticket information.
• Financial Information: Credit card details (excluding CVV/CVC numbers).
• Frequent Flyer Data: Information related to loyalty programs.
While Air India assured that no passwords were accessed, they recommended that customers
change their passwords as a precautionary measure.

Step 1: Compromise of SITA Systems

1. Targeting SITA’s Passenger Service System (PSS):
o SITA, a global IT provider for airlines, managed Air India’s passenger data, including
personal and financial details.
o The Passenger Service System (PSS) is a critical infrastructure component for airlines,
handling functions like reservations, ticketing, and customer data storage.
o Cybercriminals breached SITA’s PSS, exploiting vulnerabilities in its systems to gain
unauthorized access.
2. Sophistication of Attack:
o The attack involved advanced techniques, indicating it was orchestrated by skilled
threat actors.
o Evidence suggests the breach was part of a larger, coordinated effort to target
multiple airlines using SITA's services.

Step 2: Data Exfiltration

1. Accessing Sensitive Data:
o The attackers infiltrated the PSS and extracted data, including:
▪ Passenger names.
▪ Passport details.
▪ Contact information.
▪ Frequent flyer information.
▪ Payment details (excluding CVV codes).
o The stolen data spanned nearly a decade, from August 26, 2011, to February 3,
2021.
2. Third-Party Exposure:
o Since SITA provided services to multiple airlines, the attack impacted several global
carriers, not just Air India.
o The attackers leveraged the interconnected nature of aviation IT systems to
maximize their impact.

Step 3: Delay in Detection and Notification

1. Breach Detection:
o SITA discovered the breach in February 2021 but needed time to assess the scope
and impact due to the complexity of the attack.
o The delay in identifying the full extent of the compromise contributed to a lag in
notifying affected parties.
2. Customer Notification:
o Air India was informed by SITA and conducted its own investigation before issuing a
public statement and notifying its customers in May 2021.

Technical Aspects of the Breach

1. Vulnerabilities in SITA’s Infrastructure:
o Details of the exact vulnerabilities exploited have not been disclosed, but the attack
likely involved:
▪ Exploiting software vulnerabilities in outdated or unpatched systems.
▪ Targeting weak authentication mechanisms in the PSS.
2. Advanced Persistent Threat (APT):
o The nature of the attack suggests it might have been carried out by an APT group:
▪ These groups are often linked to nation-states or organized crime
syndicates.
▪ They employ advanced techniques, including phishing, social engineering,
and malware deployment.
3. Supply Chain Attack:
o This breach is classified as a supply chain attack, where the attackers exploited a
third-party provider (SITA) to access multiple clients’ data.

Root Causes

1. Third-Party Security Risks:
o Air India’s reliance on SITA’s services meant its data security was inherently tied to
SITA’s cybersecurity practices.
o Insufficient monitoring of third-party vendors created a blind spot in Air India’s
security posture.
2. Lack of Proactive Defense:
o While details remain scarce, the breach highlighted gaps in:
▪ Vulnerability management.
▪ Intrusion detection and prevention systems.
▪ Regular security audits of critical systems.
VULNERABILITIES EXPLOITED IN THE DATA BREACH
The Air India data breach of 2021 was a result of sophisticated cyber exploitation of
vulnerabilities within third-party systems. The attack targeted SITA, a global IT service
provider for the aviation industry. Below is an explanation of the vulnerabilities that were
likely exploited during this breach.

1. Third-Party Dependency Risks

Air India, like many organizations, relied on external service providers to manage critical
operations. In this case, SITA’s Passenger Service System (PSS) handled customer data for
Air India and several other airlines. Attackers capitalized on weaknesses in this third-party
system to breach the data.

• Exploitation:
o SITA’s system, being interconnected with multiple airline databases, became
an attractive target for cybercriminals.
o Any vulnerability in its network or application infrastructure would serve as
an entry point.
• Why It Happened:
o Lack of stringent security protocols in third-party systems.
o Absence of robust monitoring to detect suspicious activity early.

2. Insufficient Data Encryption

Sensitive information, including names, passport details, and payment card data, was
compromised. While SITA claimed some of the data was encrypted, encryption alone may
not be sufficient if it is outdated or improperly implemented.

• Exploitation:
o Weak or poorly applied encryption methods allowed attackers to access
sensitive information.
o Inadequate protection of encryption keys could have exposed data in transit or
at rest.
• Why It Happened:
o The encryption methods might not have met current security standards,
making them easier to bypass.
3. Poor Access Management

Access control vulnerabilities are often exploited when attackers target systems with broad or
poorly managed permissions. In this breach, attackers may have gained access through
privileged accounts within SITA’s systems.

• Exploitation:
o Privileged user accounts with unnecessary access rights could have been
exploited.
o A lack of multi-factor authentication (MFA) might have facilitated
unauthorized access.
• Why It Happened:
o Oversight in enforcing the principle of least privilege.
o Dependence on traditional username-password mechanisms.

4. Software Vulnerabilities and Unpatched Systems

Outdated software and unpatched vulnerabilities remain one of the leading causes of data
breaches. The SITA breach might have involved exploiting known vulnerabilities in its
software stack.

• Exploitation:
o Unpatched software with known security flaws was likely targeted using
automated tools or custom exploits.
o Legacy systems within the PSS infrastructure may have been inherently
insecure.
• Why It Happened:
o Failure to promptly apply security patches to known vulnerabilities.
o Dependence on outdated systems due to operational constraints.

5. Lack of Robust Network Segmentation

Interconnected systems like those in the aviation industry often lack adequate segmentation.
This enables attackers to move laterally across networks once they gain a foothold.

• Exploitation:
o Attackers likely exploited the interconnected nature of SITA’s systems to
access multiple airlines’ customer data.
o Inadequate isolation between systems allowed data to be exfiltrated across the
network.
• Why It Happened:
o Network architecture was not designed with robust segmentation.
6. Delayed Breach Detection and Response

One critical issue in the Air India breach was the delay in detecting and responding to the
intrusion. The attackers reportedly accessed the data in February 2021, but the breach was
only disclosed in May 2021.

• Exploitation:
o Lack of advanced threat detection systems allowed the attackers to remain
undetected for months.
o Absence of real-time monitoring and response mechanisms delayed
containment efforts.
• Why It Happened:
o Insufficient investment in intrusion detection systems (IDS) and security
operation centers (SOCs).

7. Targeted Social Engineering or Credential Theft

The initial point of entry could have been achieved through social engineering techniques,
such as phishing, targeting employees at SITA or its partner organizations.

• Exploitation:
o Employees may have been tricked into sharing credentials or clicking
malicious links.
o Once inside, attackers could escalate privileges to access sensitive data.
• Why It Happened:
o Inadequate employee training on recognizing phishing attempts.

8. Weak Incident Response Readiness

The delayed response to the breach indicated a lack of preparedness for handling such
incidents.

• Exploitation:
o Attackers could take advantage of slow containment measures to extract more
data over time.
• Why It Happened:
o The absence of a tested and effective incident response plan.
METHODS USED BY THE ATTACKERS
1. Compromising Third-Party Service Providers

The attackers targeted a third-party data processor, SITA (Société Internationale de
Télécommunications Aéronautiques), which manages passenger service systems for airlines
worldwide. By exploiting vulnerabilities in SITA's systems, the attackers gained
unauthorized access to Air India's passenger data.

Steps involved:

• Supply Chain Targeting: The attackers likely mapped out Air India’s reliance on
external vendors and selected SITA as the weakest link.
• Phishing or Social Engineering: It's probable that phishing emails or social
engineering tactics were used to infiltrate SITA’s systems, tricking employees into
granting access or disclosing credentials.
• Exploitation of Vulnerabilities: Once inside, the attackers exploited software
vulnerabilities within SITA’s infrastructure to escalate privileges and access the
stored data.

2. Credential Harvesting and Lateral Movement

The attackers could have employed credential-harvesting techniques to gather login
information and move laterally across connected systems to retrieve data.

Techniques used:

• Brute Force and Credential Stuffing: If previously leaked credentials were
available, attackers could reuse these to gain unauthorized access.
• Privileged Account Exploitation: With administrator-level access, they were able to
move across internal networks, expanding their reach.

3. Data Exfiltration

Once the attackers accessed the sensitive information, they exfiltrated the data without
triggering detection mechanisms.

Key tactics:

• Stealth Techniques: Attackers may have disguised the data transfer as legitimate
network traffic to avoid detection by monitoring tools.
• Encryption: The stolen data was likely encrypted before exfiltration, making it harder
to identify during transfer.

4. Delayed Breach Notification

The attackers exploited a significant gap between the breach occurrence and its detection,
which delayed Air India’s response. This period allowed the attackers to maintain their
presence within compromised systems and siphon off more data.

5. Potential Use of Ransomware (Speculative)

Although not explicitly confirmed, the attackers may have used ransomware-like tactics to
lock or encrypt systems temporarily as a diversion while data was being stolen.
IMPACT ON THE ORGANISATION
The Air India data breach, which compromised sensitive data of approximately 4.5 million
passengers, had widespread ramifications. Its consequences were evident across the
organization, its customers, and stakeholders, particularly in financial, legal, and reputational
aspects.

1. Organizational Impact

Financial Losses

The breach required Air India to invest heavily in mitigation efforts, including:

• Incident Management Costs: Investigating the breach, securing systems, and
compensating affected individuals incurred substantial expenses.
• Revenue Decline: Loss of customer confidence and reduced bookings may have
directly impacted the airline's revenue.
• Regulatory Penalties: Non-compliance with international data protection laws like
the GDPR could lead to significant fines.

Operational Challenges

The organization had to allocate resources to address the breach, disrupting routine
operations. Employees and management faced increased workloads to manage public
relations, regulatory communication, and technical recovery.

Long-Term Damage

The breach exposed gaps in Air India's cybersecurity measures, requiring long-term
investment in infrastructure upgrades and workforce training to prevent future incidents.

2. Customer Impact

Data Security Risks

• Identity Theft: Exposed personal and financial details increased the risk of identity
theft for passengers.
• Phishing and Fraud: Customers became potential targets for phishing scams and
fraudulent transactions using stolen information.
Erosion of Trust

• Privacy Concerns: Passengers were alarmed by the breach, questioning the airline's
ability to protect their data.
• Customer Attrition: Some customers opted to switch to competitors perceived as
more secure, reducing Air India’s market share.

3. Stakeholder Impact

Reputational Damage

• Shareholder Confidence: Investors may have perceived the breach as a sign of weak
governance, potentially reducing stock value or interest in the organization.
• Public Image: The breach attracted significant media attention, casting Air India in a
negative light and damaging its reputation as a reliable airline.

Legal Challenges

• Compliance Violations: The breach highlighted potential lapses in adhering to data
protection regulations, leading to investigations by authorities.
• Lawsuits and Settlements: Affected customers could file lawsuits, forcing the airline
to engage in lengthy and costly legal battles.
HOW THE BREACH WAS DISCOVERED AND STEPS TAKEN TO
MITIGATE IT
The Air India data breach, which exposed sensitive information of millions of passengers,
was discovered as part of a broader cybersecurity investigation involving multiple
organizations. Here’s a detailed, original analysis of how the breach was identified and the
subsequent mitigation steps:

Discovery of the Breach

1. Notification by Third-Party Vendor
o The breach came to light when SITA, a third-party IT service provider that manages
passenger service systems, detected unauthorized access to its servers in February
2021.
o SITA informed Air India and other affected airlines about the breach, revealing that
attackers had targeted their infrastructure to extract passenger data.
2. Delayed Reporting
o The compromised data had been accessed months before the breach was publicly
disclosed, indicating a significant delay in detection and notification. This gap
allowed attackers to exploit the stolen information further before containment
measures were initiated.
3. Internal Investigation
o Upon receiving the alert from SITA, Air India initiated its internal investigation to
determine the scope of the breach and assess its potential impact on passengers.

Steps Taken to Mitigate the Breach

1. Immediate Response
o System Isolation: Air India isolated affected systems to prevent further unauthorized
access.
o Collaboration with Vendors: The airline worked closely with SITA to understand
the breach’s technical aspects and contain its spread.
2. Data Protection Measures
o Password Reset: As a precautionary measure, Air India advised affected customers
to reset their passwords for associated accounts.
o Enhanced Monitoring: The airline increased monitoring of its IT infrastructure to
detect any unusual activity or subsequent breaches.
3. Public Notification
o Transparency with Customers: In May 2021, Air India publicly acknowledged the
breach, informing passengers about the compromised data and advising them on
protective measures.
o Engagement with Authorities: Air India cooperated with regulatory bodies and
cybersecurity experts to address compliance requirements and reassure stakeholders.
4. Improving Cybersecurity Infrastructure
o Audit and Patch Management: The organization conducted a thorough audit of its
IT systems, patching vulnerabilities and strengthening defenses.
o Vendor Risk Management: Steps were taken to reevaluate relationships with third-
party service providers and ensure stricter cybersecurity standards.
5. Customer Support
o Dedicated Helpline: Air India set up a helpline to assist affected passengers,
addressing concerns about identity theft and data misuse.
o Identity Theft Protection: Although not explicitly stated, the airline may have
offered guidance on monitoring financial transactions and securing personal
information.
Lessons Learned from the Air India Data Breach

The Air India data breach highlighted key areas for improvement in cybersecurity:

1. Supply Chain Security: Strengthen third-party vendor assessments, enforce strict
security standards, and conduct regular audits.
2. Proactive Detection: Use advanced monitoring tools and conduct regular
vulnerability assessments to identify threats early.
3. Incident Response: Establish a robust incident response plan with defined roles and
conduct regular training to enhance readiness.
4. Transparent Communication: Notify affected parties promptly and offer support to
rebuild trust.
5. Data Protection: Implement encryption and strict access controls to secure sensitive
information.
6. Regulatory Compliance: Align with global data protection laws to avoid penalties
and ensure preparedness.
7. Cybersecurity Priority: Treat cybersecurity as a core business function, investing in
tools, skilled professionals, and awareness programs.
IF I WERE IN CHARGE …
As a cybersecurity expert, if I had been tasked with overseeing the security at Air India
during the 2021 data breach, my approach would have been rooted in a robust, multi-layered
security strategy. This would involve not just preventing the breach but also effectively
responding to it and implementing innovative strategies that could minimize damage or
entirely prevent such an event. Below, I outline the core areas where my strategy would
differ:

1. Prevention Strategies
Preventing a breach is the first line of defense. In my approach, I would have implemented a
series of preventive measures to reduce the likelihood of a breach and to safeguard sensitive
customer data from unauthorized access.

• Zero Trust Architecture:
One of the key strategies I would have introduced is the implementation of a Zero
Trust Architecture (ZTA). The Zero Trust model works under the principle of "never
trust, always verify," meaning no user or device—whether inside or outside the
organization’s network—would be trusted by default. Each access request would be
authenticated, authorized, and continuously monitored. For example, all employees
and contractors would be subject to strict identity verification and least privilege
access to minimize the risk of internal threats or unauthorized access to critical
systems. This approach would ensure that if one part of the network is compromised,
it would not grant access to other parts of the infrastructure, significantly limiting the
potential impact of a breach.

• End-to-End Encryption and Tokenization:
While some data was encrypted in transit and at rest, it is essential that all Personally
Identifiable Information (PII), credit card details, and sensitive customer data be
encrypted both during storage and transmission. I would have ensured that the highest
encryption standards—such as AES-256—were applied universally to all customer
data. Additionally, tokenization of sensitive data would have been implemented. By
replacing real customer data with unique, non-sensitive tokens, even if attackers
gained access to the database, the stolen data would have been useless. This technique
reduces the exposure of sensitive data during an attack and adds another layer of
security.

• Third-Party Vendor Risk Management:
The breach occurred through a third-party vendor, highlighting a critical weakness in
the supply chain. I would have strengthened the third-party risk management strategy,
ensuring that all external vendors handling sensitive data followed the same strict
security protocols as the organization itself. This would include mandatory security
audits, regular penetration tests, and ensuring that vendors used secure coding
practices. Additionally, I would have implemented third-party monitoring tools to
continuously assess and monitor the security posture of vendors. Clear contractual
clauses on data security, incident reporting, and breach notifications would have been
established.

• Employee Cybersecurity Awareness Training:
Human error remains a significant factor in many breaches. To address this, I would
have implemented regular, comprehensive cybersecurity awareness training for all
employees. Training would cover topics such as recognizing phishing attempts,
securing personal devices, and understanding the importance of strong passwords and
multi-factor authentication. Employees would also be trained on how to identify and
report suspicious activity, ensuring a quicker response if any vulnerability is detected.
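
The tokenization described under "End-to-End Encryption and Tokenization" above, sketched as an added example (not part of the original report and not code from Air India or SITA): the booking store holds only a random token, while the card number lives in a separate vault. The class, table and field names are hypothetical, and the card numbers are constructed test values.

```python
import secrets
import sqlite3

# Constructed sample data: standard test card numbers, not real accounts.
SAMPLE = [
    ("PNR001", "A. Passenger", "4111111111111111"),
    ("PNR002", "B. Traveller", "5555555555554444"),
]


def luhn_ok(number: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical vault: the only place where token -> card number is stored."""

    def __init__(self) -> None:
        # Separate database from the booking system. A production vault would
        # also encrypt the pan column; omitted here to stay standard-library only.
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE vault (token TEXT PRIMARY KEY, pan TEXT NOT NULL)")

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        while True:
            # Random digits, same length as the card, keeping the last four
            # so receipts and support staff can still show "ending in 1111".
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if luhn_ok(token):
                continue        # a token must never look like a valid card number
            try:
                self.db.execute("INSERT INTO vault VALUES (?, ?)", (token, pan))
                return token
            except sqlite3.IntegrityError:
                continue        # token already issued, draw again

    def detokenize(self, token: str) -> str:
        row = self.db.execute("SELECT pan FROM vault WHERE token = ?", (token,)).fetchone()
        if row is None:
            raise KeyError("unknown token")
        return row[0]


def build_booking_db(vault: TokenVault, passengers) -> sqlite3.Connection:
    """Booking store as the passenger service system would see it: tokens only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookings (pnr TEXT, name TEXT, card_token TEXT)")
    for pnr, name, pan in passengers:
        db.execute("INSERT INTO bookings VALUES (?, ?, ?)", (pnr, name, vault.tokenize(pan)))
    return db


def dump_bookings(db: sqlite3.Connection):
    """Everything a party with read access to the booking store alone would obtain."""
    return db.execute("SELECT pnr, name, card_token FROM bookings ORDER BY pnr").fetchall()


if __name__ == "__main__":
    vault = TokenVault()
    bookings = build_booking_db(vault, SAMPLE)
    for row in dump_bookings(bookings):
        print(row)              # names are still present; only the card field is tokenized
```

Tokenization protects only the field it is applied to: names and passport details in the same table still need their own encryption and access controls.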

2. Response Methods
Even with the best prevention measures, breaches can still occur. A well-planned and
effective response strategy is critical to mitigating damage. Here’s how I would have
responded to the breach once it was detected:

• Early Detection and Automated Containment:
An early warning system is crucial in minimizing the damage caused by a breach. I
would have deployed advanced threat detection tools that utilize Artificial Intelligence
(AI) and machine learning algorithms. These systems can analyze network traffic
patterns, user behavior, and system logs in real-time to identify anomalies or
suspicious activity indicative of a breach. Once an anomaly is detected, automated
containment measures, such as isolating the affected servers or blocking suspicious IP
addresses, would have been triggered to prevent further spread of the attack.

• Incident Response and Forensic Investigation:
A detailed incident response plan (IRP) would have been activated immediately upon
detecting the breach. The IRP would define roles and responsibilities, ensuring that
the response team could act quickly and efficiently. A forensic team would be called
in to assess the nature of the breach, trace the attackers' movements, and gather
evidence to understand how the breach occurred and the scope of the data
compromised. This investigation would not only help to address the current breach
but also identify vulnerabilities for future prevention.

• Crisis Communication and Transparency:
One of the most important aspects of breach management is communication. I would
have ensured transparency with stakeholders, customers, and the public. Clear, honest
communication regarding the nature of the breach, what information was
compromised, and what steps were being taken to address the issue is essential.
Immediate notification to affected customers, regulators, and partners would have
been sent, advising them on measures such as password resets, monitoring of financial
accounts, and reporting any suspicious activity.

• Legal and Regulatory Compliance:
In such a scenario, compliance with relevant legal and regulatory frameworks would
be paramount. I would have ensured that the breach was reported to relevant
authorities as per the applicable laws, including the General Data Protection
Regulation (GDPR) if any EU citizens were affected or the Information Technology
Act in India. Additionally, I would have worked with legal teams to assess the
potential for litigation and ensure the airline complies with all breach notification
requirements.

3. Innovative Approaches
While traditional security methods are essential, I would have introduced innovative
approaches to cybersecurity to further strengthen the defense posture and prevent future
breaches.

• Decentralized Data Storage:
To reduce the risk of a single point of failure, I would have considered decentralizing
the storage of sensitive data. By splitting sensitive information into fragments and
storing them across multiple secure locations, it would become much harder for
attackers to access the full dataset even if they successfully infiltrated one system.
Additionally, this approach could make it more challenging for attackers to extract
meaningful data without possessing multiple parts of the dataset.

• Bug Bounty Program:
Another innovative approach I would have implemented is a bug bounty program. By
incentivizing ethical hackers to find vulnerabilities in the system, the organization
could have uncovered potential weaknesses before malicious actors could exploit
them. Offering rewards for vulnerabilities found by external security researchers can
help identify and patch security gaps quickly, keeping systems more secure in the
long term.

• Behavioral Analytics and Advanced Intrusion Detection Systems (IDS):
In addition to traditional firewalls and intrusion detection systems, I would have
deployed advanced user and entity behavior analytics (UEBA) systems.
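
For the "Decentralized Data Storage" item above, an added example (not part of the original report) contrasting two ways of splitting a record across locations: cutting it into pieces, which leaves readable plaintext in every piece, and XOR secret splitting, where any incomplete set of shares is random noise. The record layout and function names are hypothetical and the sample record is constructed.

```python
import secrets
from functools import reduce

# Constructed sample record; the passport and card numbers are made-up test values.
SAMPLE_RECORD = b"PNR001|A. Passenger|P1234567|4111111111111111"


def naive_fragments(record: bytes, n: int) -> list[bytes]:
    """Cut the record into n contiguous pieces (the weak form of fragmentation)."""
    size = -(-len(record) // n)  # ceiling division
    return [record[i:i + size] for i in range(0, len(record), size)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_record(record: bytes, n: int) -> list[bytes]:
    """Split the record into n shares; all n are needed to rebuild it."""
    if n < 2:
        raise ValueError("need at least two shares")
    # n-1 shares are uniformly random pads of the record's length.
    pads = [secrets.token_bytes(len(record)) for _ in range(n - 1)]
    # The last share is the record XORed with every pad, so XORing all
    # n shares together cancels the pads and leaves the record.
    last = reduce(xor_bytes, pads, record)
    return pads + [last]


def join_shares(shares: list[bytes]) -> bytes:
    """Recombine shares; the result is the record only if every share is present."""
    return reduce(xor_bytes, shares)


if __name__ == "__main__":
    print("naive pieces  :", naive_fragments(SAMPLE_RECORD, 3))
    shares = split_record(SAMPLE_RECORD, 3)
    print("one XOR share :", shares[0].hex())
    print("two of three  :", join_shares(shares[:2]).hex())
    print("all three     :", join_shares(shares))
```

This n-of-n split trades availability for confidentiality: losing one storage location loses the record, which is what threshold schemes such as Shamir's secret sharing are designed to avoid.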
CONCLUSION
The 2021 data breach involving Air India underscores a critical lesson for
organizations in the digital age: no system is entirely immune to cyber threats. The
breach, which exposed sensitive personal and financial data of millions of passengers,
highlights the need for a more stringent, proactive approach to cybersecurity.

Throughout this report, we’ve examined how a more rigorous and multi-faceted
security strategy could have lessened the likelihood and impact of such an attack.
Implementing a Zero Trust Architecture, reinforcing third-party security measures,
and deploying advanced encryption methods would have added crucial layers of
defence. Furthermore, rapid detection systems, timely crisis communication, and
comprehensive response protocols would have helped limit the damage caused by the
breach.

One of the primary takeaways from this incident is the need for continuous
improvement in cybersecurity practices. Prevention should be prioritized, but
organizations must also be prepared to respond quickly and transparently when an
attack occurs. By recognizing the integral role of third-party vendors in an
organization’s security ecosystem, companies can better manage risks posed by
external entities and ensure their partners follow the same high security standards.

In conclusion, while it is impossible to eliminate every cyber risk, this breach
demonstrates that with the right strategies in place—focused on prevention, real-time
monitoring, and swift responses—organizations can significantly reduce the
likelihood of such breaches and their potential impact. Learning from incidents like
the Air India data breach enables companies to bolster their security posture and
protect the trust and safety of their customers.
REFERENCES
• Reuters. (2021, May 21). Air India says February's data breach affected 4.5
million passengers. Reuters.
• BBC News. (2021, May 22). Air India cyber-attack: Data of millions of
customers compromised. BBC News.
• Forbes. (2021, May 23). Air India Data Breach: Hackers Access Personal
Details Of 4.5 Million Customers. Forbes.
• TechCrunch. (2021, May 23). Air India passenger data breach reveals SITA
hack worse than first thought. TechCrunch.
• Twingate. (2021, May 23). What happened in the Air India data breach?.
Twingate.
• Cryptomathic. (2021, May 23). Air India's Data Breach: Security Matters
Most. Cryptomathic.
• Areness - Law & Beyond. (2021, May 23). Air India Data Breach: A Legal
Analysis. Areness - Law & Beyond.
• Wikipedia. (2021, May 23). Air India data breach. Wikipedia.
• Indian Express. (2021, May 22). Explained: What is the data breach that has
hit Air India customers?. Indian Express.
• The Irish Times. (2021, May 22). Air India cyberattack: Personal data of
over 4.5 million passengers leaked. The Irish Times.

REPORT BY :- RITESH HARI RAKSHE

CYBER SECURITY INTERN

NULLCLASS EDTECH PRIVATE LTD.
