The notice contended that the journalists’ informational autonomy had been breached and that this amounted to a violation of their privacy.
Two journalists have sent a legal notice to Air India seeking compensation for damages suffered from a data leak of the airline’s flyer data, the Press Trust of India reported. The notice was sent to the state-owned airline by Zee News Associate News Editor Ritika Handoo and PTI legal correspondent Pawan Singh by advocate Ashwani Kumar Dubey. MediaNama has obtained and reviewed a copy of the legal notice.
In May, a data breach in the IT company SITA (which is an Air India vendor) exposed 4.5 million customers’ data. “This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world,” Air India had disclosed. The affected information included flyers’ names, their dates of birth, their contact information, their passport numbers, and trip details.
Client’s data “open to exploitation”
The legal notice says that the data leak included personal information that would lead to “making my client’s personal data open to exploitation and further unaccounted vulnerabilities, notwithstanding the fact that my client’s privacy has already been breached due to your security failure”.
- Contact information leaked: “The nature of this information is extremely personal as it includes my clients’ date of birth, personal contact information such as my clients’ mobile number and email ID (which my clients use for professional work and cannot change casually),” the notice said.
- Data is oil: “Data is regarded as the new oil, which has high economic value for advertisers/marketing, etc and therefore there is every likelihood that the data obtained from a leak of this kind can be sold on Dark Web. This could very likely lead to cloning and constructing duplicate passport, credit card, fake identification cards, etc,” the notice added, noting that similar incidents followed data breaches elsewhere. The notice said that the journalists constantly received spam because of the leak and that they “are not able to concentrate on their work as due to your security lapse long unwanted calls are received.”
- Damages sought: The notice said that since the breach “led to loss of my clients’ sensitive personal information, you the noticees are hereby liable to pay damages for causing wrongful loss of my clients’ informational autonomy, loss of their privacy, loss of dignity, loss of control over their data and for distress and mental injury for which I, call you the noticees to monetarily compensate my client with an amount of Rs. 30,000,000/- (Rupees Thirty Lakhs only) within a period of 15 days from the date of receipt of this notice.” The notice said that non-compliance would lead to “serious legal consequences”.
- Data Breach At Air India Comprised 4.5 Million Customers’ Data
- We need to know
- Clubhouse hack exposes data of 1.3m users, CEO says info already public
- Personal details of 533 million Facebook users, including 11 million Indians, leaked on hacking forum