SpiceJet, one of India's largest-privately owned airlines, has had a massive breach of data comprising information of 1.2 million passengers of the airline.
According to a report by TechCrunch, a security researcher told the publication that the data breach was on the premises of ethical hacking.
A report by NDTV stated that the hackers were able to get access to a system at SpiceJet by deciphering a password that was very easy to guess.
The hackers targeted a database backup file, which was not encrypted. This database included direct information on 1.2 million passengers like name, phone number, email address, flight information, and date of birth.
"The database was easily accessible for anyone who knew where to look," the report said.
The security researcher informed Indian Computer Emergency Response Team (CERT-In), an office within the Ministry of Electronics and Information Technology. It was only after this intimation that SpiceJet gathered to handle the lapse in its systems.
In a statement, a spokesperson said,
"At SpiceJet, the safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data, which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that privacy is maintained at the highest and safest level."
At present, SpiceJet has around 14,000 in staff and a fleet of 100 planes. It is the fourth airline after Air India, now defunct Jet Airways, and IndiGo to have a fleet of 100. The company has Boeing 737s, Bombardier Q400s, and B737 freighters.
It operates around 575 daily flights on an average to 62 destinations, including nine international ones.
As of May 2019, SpiceJet posted a 22 percent rise in net profit to Rs 56.3 crore in the quarter ended March as higher fares helped the airline amid a capacity crunch in the domestic aviation market.
(Edited by Saheli Sen Gupta)