Air India says data on 4.5 million passengers stolen
The state-owned giant said it was "securing the compromised servers" and using "external specialists" on data security as well as working with credit card companies.
"We deeply regret the inconvenience caused and appreciate continued support and trust of our passengers," the airline said.
A number of airlines have been hit by data breaches in recent years. British Airways was fined $28 million last year by a British watchdog after details of 400,000 passengers were lost in a 2018 cyberattack.
Cathay Pacific was fined $700,000 after details of more than nine million clients were lost in 2018.
And low-cost carrier EasyJet said last year that hackers had taken the email and travel details of about nine million customers.
The breach involved personal data registered between August 2011 and February 2021, the airline said.
SITA, which provides IT backup to much of the aviation industry, said at the time that it had been the target of a "highly sophisticated attack" that had affected a number of airlines.
Air India is part of the Star Alliance coalition of airlines and SITA handles computer operations for its frequent flyer programme.
Other airlines in the alliance warned passengers in March of the cyberattack but most said only names and frequent flyer numbers had been accessed.