AirAsia allegedly hit with ransomware attack, data of five million passengers and employees reportedly compromised (Updated)

The leaked personal data is said to include passenger IDs, full names, booking IDs, employee photos, secret questions, nationality, date of birth, country of birth, location, and date hired. — YAP CHEE HONG/The Star

PETALING JAYA: The personal data of five million passengers and all employees of AirAsia has reportedly been compromised by hacker group Daixin Team, with the group claiming responsibility for the ransomware attack that allegedly hit the airline earlier this month on Nov 11 and 12.

According to a report from – a website specialising in reporting data breaches worldwide – the hackers provided them with two .csv files containing samples of the sensitive information belonging to both passengers and the airline’s staff, which Daixin Team claims to have also given to AirAsia.

The sample of personal data on one of the files reportedly included passenger IDs, full names, and booking IDs, while the second file was said to contain data pertaining to employee details including photos, secret questions and answers (likely for account recovery), nationality, date of birth, country of birth, location, and date hired.

Daixin Team was the focus of a joint Cybersecurity Advisory (CSA) from the US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) back in late October this year, following ransomware attacks and extortion attempts aimed at US-based healthcare businesses. – citing the Daixin Team’s spokesperson – wrote in their report that AirAsia responded to the attack and engaged with the hacker group via chat, and after receiving a sample of the data did not attempt to negotiate the ransom amount any further, which suggests the airline did not intend to pay the attackers any amount.

Of the files encrypted, the report states that “the team had avoided locking ‘XEN, RHEL – hosts of flying equipment (radars, air traffic control and such)’” – which is apparently part of the hacker group’s claimed avoidance of encrypting or destroying anything potentially life-threatening.

No confirmation on the sum demanded by the ransomware group or whether AirAsia paid a ransom in exchange for a decryption key and the deletion of the stolen data has thus far been reported.

AirAsia has since addressed the incident in an announcement made via the Bursa Malaysia website, stating that “the cyberattack was on redundant systems and did not affect our critical systems” and that it had “taken all measures to immediately resolve this data incident and prevent such future incidents”.

