An orchestrated hacking campaign targeting members of Air India's frequent-flyer programme has resulted in the loss of travel miles worth over Rs 1.6m ($23,745, £15,950).
It is believed the programme, dubbed Flying Returns, which has over 195,000 customer accounts in total, was hit by hackers who had intimate knowledge of how the internal systems worked, with Delhi Police claiming the attack may have been aided by a company insider or travel agency staffer.
Praveen Lal, commercial manager at airline, told the Times of India: "All the affected membership accounts have been suspended so that no further activity can take place from these accounts.
"The affected user IDs have been deactivated along with user IDs that have identical usernames and passwords. Also, all such user IDs that have not been active for the past three months have been deactivated."
Meanwhile, law enforcement, which is now investigating the case, said those responsible created 20 separate email IDs to "divert the reward points earned by passengers."
A senior police officer, who wished to remain anonymous, told the Times of India: "Apart from the computer hacker, we suspect the role of a present or a former employee who may be aware of the intricacies and loopholes in the system. We have asked the airline to supply us a list of employees who have quit the company recently."
While the probe is ongoing, cops say they have uncovered one single piece of evidence to date in the form of an IP address from one suspect computer. Now, the investigators are working with an internet provider to obtain more personal data.
Manhunt launched to find the perpetrators
Air India has said that one person has been identified as holding a suspect travel ticket and it is now attempting to contact the passenger to find out which agent was used to book the trip. One police source said: "Both a virtual and a physical manhunt has been launched to trace the perpetrators."
It is not the first time an airline has been targeted by hackers. Last year, UK firm British Airways was forced to freeze "tens of thousands" of frequent flyer accounts after suffering a cyberattack on its systems. In a separate incident from 2014 a Miami-based computer programmer was arrested for booking international trips and accommodation using stolen flyer miles worth $260,000 (£174,000, €228,000) from American Airlines.