AirAsia allegedly hit with ransomware attack, data of five million passengers and employees reportedly compromised (Updated)

The leaked personal data is said to include passenger IDs, full names, booking IDs, employee photos, secret questions, nationality, date of birth, country of birth, location, and date hired. — YAP CHEE HONG/The Star

PETALING JAYA: The personal data of five million passengers and all employees of AirAsia has reportedly been compromised by hacker group Daixin Team, with the group claiming responsibility for the ransomware attack that allegedly hit the airline earlier this month on Nov 11 and 12.

According to a report from – a website specialising in reporting data breaches worldwide – the hackers provided them with two .csv files containing samples of the sensitive information belonging to both passengers and the airlines’ staff, which Daixin Team claims to have also given to AirAsia.

The sample of personal data on one of the files reportedly included passenger IDs, full names, and booking IDs, while the second file was said to contain data pertaining to employee details including photos, secret questions and answers (likely for account recovery), nationality, date of birth, country of birth, location, and date hired.

Daixin Team was the focus of a joint Cybersecurity Advisory (CSA) from the US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) back in late October this year, following ransomware attacks and extortion attempts aimed at US-based healthcare businesses. – citing the Daixin Team’s spokesperson – wrote in their report that AirAsia responded to the attack and engaged with the hacker group via chat, and after receiving a sample of the data did not attempt to negotiate the ransom amount any further, which suggests the airline did not intend to pay the attackers any amount.

Of the files encrypted, the report states that “the team had avoided locking “XEN, RHEL – hosts of flying equipment (radars, air traffic control and such)” – which is apparently part of the hacker group’s claimed avoidance of encrypting or destroying anything potentially life-threatening.

No confirmation on the sum demanded by the ransomware group or whether AirAsia paid a ransom in exchange for a decryption key and the deletion of the stolen data has thus far been reported.

AirAsia has since addressed the incident in an announcement made via the Bursa Malaysia website, stating that “the cyberattack was on redundant systems and did not affect our critical systems” and that it had “taken all measures to immediately resolve this data incident and prevent such future incidents”.


Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News

Vista Equity explores sale of cybersecurity firm Sonatype, sources say
Amazon must comply with US agency's pregnancy bias probe, judge rules
SpaceX Falcon 9 suffers rare failure in space, imperiling Starlink mission
India's HCLTech Q1 revenue in line with estimates
Battery maker ProLogium to gradually ramp up French plant amid slow EV sales
Southwest Airlines, Archer Aviation to develop operational plans for flying air taxis in California
Nigerian judge sets Binance tax evasion trial for October
Exclusive-India antitrust probe finds Apple abused position in apps market
AT&T says data from 109 million US customer accounts illegally downloaded
Musk's X charged with deceiving users, risks fine, EU says

Others Also Read