PETALING JAYA: The personal data of five million passengers and all employees of AirAsia has reportedly been compromised by hacker group Daixin Team, with the group claiming responsibility for the ransomware attack that allegedly hit the airline earlier this month on Nov 11 and 12.
According to a report from DataBreaches.com – a website specialising in reporting data breaches worldwide – the hackers provided them with two .csv files containing samples of the sensitive information belonging to both passengers and the airline’s staff, which Daixin Team claims to have also given to AirAsia.
The sample of personal data on one of the files reportedly included passenger IDs, full names, and booking IDs, while the second file was said to contain data pertaining to employee details including photos, secret questions and answers (likely for account recovery), nationality, date of birth, country of birth, location, and date hired.
Daixin Team was the focus of a joint Cybersecurity Advisory (CSA) from the US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) back in late October this year, following ransomware attacks and extortion attempts aimed at US-based healthcare businesses.
DataBreaches.com – citing the Daixin Team’s spokesperson – wrote in their report that AirAsia responded to the attack and engaged with the hacker group via chat, and after receiving a sample of the data did not attempt to negotiate the ransom amount any further, which suggests the airline did not intend to pay the attackers any amount.
Of the files encrypted, the report states that the team had avoided locking “XEN, RHEL – hosts of flying equipment (radars, air traffic control and such)” – which is apparently part of the hacker group’s claimed avoidance of encrypting or destroying anything potentially life-threatening.
There has thus far been no confirmation of the sum demanded by the ransomware group, or of whether AirAsia paid a ransom in exchange for a decryption key and the deletion of the stolen data.
AirAsia has since addressed the incident in an announcement made via the Bursa Malaysia website, stating that “the cyberattack was on redundant systems and did not affect our critical systems” and that it had “taken all measures to immediately resolve this data incident and prevent such future incidents”.