AirAsia allegedly hit with ransomware attack, data of five million passengers and employees reportedly compromised (Updated)

The leaked personal data is said to include passenger IDs, full names, booking IDs, employee photos, secret questions, nationality, date of birth, country of birth, location, and date hired. — YAP CHEE HONG/The Star

PETALING JAYA: The personal data of five million passengers and all employees of AirAsia has reportedly been compromised by hacker group Daixin Team, with the group claiming responsibility for the ransomware attack that allegedly hit the airline earlier this month on Nov 11 and 12.

According to a report from – a website specialising in reporting data breaches worldwide – the hackers provided them with two .csv files containing samples of the sensitive information belonging to both passengers and the airlines’ staff, which Daixin Team claims to have also given to AirAsia.

The sample of personal data on one of the files reportedly included passenger IDs, full names, and booking IDs, while the second file was said to contain data pertaining to employee details including photos, secret questions and answers (likely for account recovery), nationality, date of birth, country of birth, location, and date hired.

Daixin Team was the focus of a joint Cybersecurity Advisory (CSA) from the US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) back in late October this year, following ransomware attacks and extortion attempts aimed at US-based healthcare businesses. – citing the Daixin Team’s spokesperson – wrote in their report that AirAsia responded to the attack and engaged with the hacker group via chat, and after receiving a sample of the data did not attempt to negotiate the ransom amount any further, which suggests the airline did not intend to pay the attackers any amount.

Of the files encrypted, the report states that “the team had avoided locking “XEN, RHEL – hosts of flying equipment (radars, air traffic control and such)” – which is apparently part of the hacker group’s claimed avoidance of encrypting or destroying anything potentially life-threatening.

No confirmation on the sum demanded by the ransomware group or whether AirAsia paid a ransom in exchange for a decryption key and the deletion of the stolen data has thus far been reported.

AirAsia has since addressed the incident in an announcement made via the Bursa Malaysia website, stating that “the cyberattack was on redundant systems and did not affect our critical systems” and that it had “taken all measures to immediately resolve this data incident and prevent such future incidents”.


Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Journalists have much to lose if Twitter dies
Combating a global rise in cyber fraud
Wildlife conservation with AI
The myth of the tech god is crumbling
UK to fine tech companies that fail to remove self-harm material
Twitter CEO Musk says user signups at all-time high, touts features of "everything app"
Zelle users have been scammed out of thousands. How to avoid being targeted on money apps
Private chef stuns TikTok with US$3,500 grocery bill for 36 items. ‘Grossly out of touch’
Opinion: How Sam Bankman-Fried exploited the ‘effective altruism’�fad to get rich and con the world
Robot pets help these US seniors make friends

Others Also Read