Cyber Incident Victim: Airports Authority of India

Date: Jul 2014

Location: India

Summary

A cyberattack compromised the Airports Authority of India's secure website, resulting in the theft of critical aviation infrastructure data including details on 125 airports, flight paths, and air traffic management security credentials. The breach also disrupted the organization's Enterprise Resource Planning system and exposed employee financial information from salary databases. The incident prompted high-level government discussions due to potential risks to civilian safety and critical assets, leading to a temporary migration of infrastructure to the NIC portal while systems underwent investigation and remediation.

Description

On July 19, 2014, unknown hackers breached the secure website of the Airports Authority of India (AAI), a government enterprise managing 125 airports nationwide, including international hubs and civil enclaves at military airfields. The attackers compromised critical data related to airport infrastructure, flight paths of airlines operating in India, and security credentials for the Air Traffic Management (ATM) system, which controls airspace over India and adjoining oceanic regions. The breach rendered the Enterprise Resource Planning (ERP) system inoperative by the morning of July 20, when AAI personnel discovered the disruption. Stolen personnel records included salary databases containing employee bank information, creating potential financial exploitation risks. The compromised ATM credentials raised concerns about unauthorized flight diversions or terrorist attacks on civilian aviation assets if acquired by hostile groups.

AAI convened a secretary-level government meeting to assess the breach's implications given the sensitivity of aviation infrastructure data. Authorities initiated an investigation to determine the full scope of exfiltrated information, which remained undetermined at the time of reporting. As an immediate containment measure, administrators migrated AAI’s entire infrastructure backbone to the National Informatics Centre (NIC) portal pending server sanitization and restoration. The incident highlighted vulnerabilities in systems managing national aviation operations, particularly the ATM’s role in coordinating air traffic across international, customs, and domestic airports. No operational disruptions to flight services were reported, but the breach underscored risks to critical infrastructure data governing India’s civil aviation network.
