Ransomware attack on AirAsia allegedly compromises the data of 5 million customers and employees
Cybercrime group Daixin Team has leaked confidential data containing confidential information belonging to AirAsia.
The massive ransomware attack has reportedly exposed more than five million records online that are thought to include information on customers and employees.
AirAsia is the largest airline in Malaysia, has some 22,000 employees from 60 nationalities and is based out of Kuala Lumpur, where it operates domestically and to more than 165 destinations worldwide.
Daixin Team has been the subject of a recent US Cybersecurity and Infrastructure Security Agency alert, reportedly informing DataBreaches on November 19 that they had obtained the personal data of 5 million unique passengers and all of the company’s employees.
DataBreaches, a website that reports data breach incidents around the world, said it was provided with two .csv files that Daixin Team also provided to AirAsia Group.
It said one file contained information on named passengers.
The second file contained employee information with numerous fields that included name, date of birth, country of birth, location, date employment started, and even their “secret question” and “answer” for password recovery.
Citing a Daixin spokesman, DataBreaches said AirAsia responded to the hack by asking Daixin’s negotiator for an example of the data. After receiving the sample, Daixin said the airline “asked in great detail how we would delete their data in case of payment.”
According to reports, AirAsia did not attempt to haggle over the price, which could mean they never intended to pay anything.
“Usually everyone wants to negotiate a smaller amount,” the spokesperson told DataBreaches.
According to DataBreaches, it is unknown how much the Daixin Team demanded in exchange for a decryption key, the deletion of all the data they had stolen, and a report of all of the vulnerabilities they had discovered and exploited to breach AirAsia’s systems.
The company said that, over the last few years, Malaysian entities have frequently been the subject of cyberattacks, as evidenced by the large number of databases and leaks on forums dedicated to hacking them.
The statement claimed that AirAsia Group is not the only Malaysian airline to have had a data breach.
In both 2020 and 2021, Malaysia Airlines reported data security incidents.