The airline was first informed of the breach in February, but did not reveal its implication until last week.
Cybercriminals have had access to details including names, passport information and payment details dating back 10 years.
However, CVV / CVC numbers and passwords were not consulted, according to a statement.
The compromised software was operated by SITA Passenger Service System according to Air India.
SITA issued a statement acknowledging the hack in early March, but did not say how many people were affected or which airlines fell prey.
Other major carriers have also been affected, including members of Star Alliance Singapore Airlines, New Zealand Air and Lufthansa.
Air India said the incident “affected approximately 4,500,000 affected people around the world,” but did not specify how many of its customers were.
Hackers managed to get their hands on data from August 26, 2011 to February 3, 2021.
According to the airline’s statement: “Air India wishes to inform its valued customers that its Passenger Service System (PSS) provider has been made aware of a sophisticated cyber attack to which it was subjected during the last week of February. 2021.
“As the level and extent of sophistication is determined by forensic analysis and the exercise continues, the service provider has confirmed that, after the incident, no unauthorized activity within the PSS infrastructure was not detected. “
A second press release added that after notification of the hack, actions taken included: “Investigate the data security incident, secure the compromised servers, engage external data security incident specialists, notify and ensure liaising with credit card issuers and resetting Air India Frequent Flyer Program passwords. “
He added, “Additionally, our data processor ensured that no abnormal activity was observed after securing the compromised servers.
“As we and our data processor continue to take corrective action, including, but not limited to the above, we also encourage passengers to change passwords as appropriate to ensure the safety of their passengers. personal data.