The data breach occurred at an Air India service provider's facility and led to the personal details of 4.5 million customers being compromised. The Ministry of Civil Aviation informed the Parliament that Air India is still in the process of intimating passengers months after a cyber-attack was perpetrated in the last week of February. Earlier in July, two journalists had sent a legal notice to Air India seeking compensation for damages suffered due to the data breach. Terming the incident as a 'cyber-attack', Minister of State for Civil Aviation, Gen (retd) V K Singh said, "However, Air India currently is discharging its obligations such as intimating passengers, intimating the Data Protection Authorities (DPAs), replying to the queries of DPAs in coordination with SITA." No further information was provided about which DPAs were referred to by the minister. The Personal Data Protection Bill 2019, which might be tabled in the Winter Session of Parliament, has proposed the establishment of a data regulator — The Data Protection Authority of India (DPA), which will be entrusted with the "duty to protect the interests of the data principals, prevent any misuse of personal data, ensure compliance with the provisions of the Act and promote about data protection." Why it matters? Cyber crimes have been on the rise ever since the COVID-19 pandemic began, due to an increased reliance on digital tools and the internet. According to a study by software firm Micro Focus, Indian organisations have experienced a 58% increase in cyber-security challenges over the…
