SpiceJet has denied any instance of data breach on its servers, as was stated in a report by TechCrunch. Responding to the allegation that a security flaw in its servers had led to breach of data of 1.2 million passengers, a SpiceJet spokesperson said, "There was no data breach in any of SpiceJet’s servers. At SpiceJet, safety and security of our fliers’ data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers’ data, which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level."
Sources at SpiceJet also stated that the company never confirmed the report of the data breach to CERT-In, as was mentioned in TechCrunch's original report. Earlier yesterday, the report had quoted an undisclosed security researcher to state that one of SpiceJet's servers was vulnerable to a security flaw. As a result, the researcher stated that he was able to gain access to an unprotected, unencrypted database backup file that contained private, confidential information of over 1.2 million customers of the airline.
The researcher further stated that he never received a "meaningful response" from SpiceJet. He went on to state that the Indian Computer Emergency Response Team (CERT-In) was subsequently informed about the breach, which then communicated the issue to SpiceJet, and the flaw was subsequently patched. SpiceJet's statement on the matter denies any such incident, and company officials have stated that no such data breach was ever confirmed.
SpiceJet is presently India's number two airline by market share. According to October 2019 data released by the Directorate General of Civil Aviation (DGCA), SpiceJet presently has 16.3 percent market share in the Indian aviation industry, behind market leader InterGlobe Aviation (IndiGo) with 47.4 percent share.