Cyber Incident Victim: Air India

Date: Jun 2016

Location: India

Summary

A major airline's frequent flyer program experienced a breach where hackers compromised multiple accounts, fraudulently redeeming flight miles worth significant financial value. The carrier suspended affected accounts, deactivated inactive memberships, and collaborated with law enforcement to investigate the incident. Authorities identified suspect ticket bookings and traced an IP address while exploring potential involvement from travel agencies or former employees familiar with the loyalty program's systems. Police units launched coordinated efforts to track perpetrators through digital and physical leads, including contacting passengers whose tickets were booked using stolen miles.

Description

In June 2016, Air India's Flying Returns frequent flyer program suffered a cybersecurity breach resulting in fraudulent redemptions of flying miles worth approximately Rs 16 lakh (1.6 million rupees) from at least 20 compromised accounts. The airline detected unauthorized access to customer accounts within its loyalty program, which maintained approximately 19.5 lakh (1.95 million) member accounts at the time. Air India's commercial manager Praveen Lal implemented immediate containment measures by suspending all affected membership accounts to prevent further fraudulent activity. The airline also deactivated user IDs sharing identical credentials and accounts inactive for three months as a precautionary security measure. This incident caused direct financial losses to customers through stolen miles and prompted concerns about systemic vulnerabilities in the loyalty program's authentication processes.

Delhi Police launched a criminal investigation after Air India's vigilance department reported the incident, with Special Commissioner Alok Verma prioritizing the case. Investigators identified a suspect ticket booked on June 10, 2016, for passenger Ankit on flight AI 849, using fraudulently obtained miles. Authorities traced the attacker's IP address to 106.215.147.*** and collaborated with internet service providers to identify the connection subscriber. Police theories included potential involvement by travel agencies or former employees familiar with Air India's systems, prompting requests for lists of recently departed staff. The Cyber Cell and Special Cell jointly registered a case under the Information Technology Act while pursuing both digital forensics and physical leads to identify perpetrators. Air India maintained operational continuity during the investigation but faced reputational damage and customer trust issues due to the security lapse in its loyalty infrastructure.
