Report: Data Involving AirAsia's Passengers And Employees Allegedly Compromised

Follow us on Instagram, TikTok, and Telegram for the latest stories and breaking news.

Believed to have taken place on 11 and 12 November, the ransomware attack was initially reported by DataBreaches.net, a website known for reporting data breach incidents globally. The website had been sent two .csv files from the perpetrator, a ransomware gang called the Daixin Team. The files were simultaneously sent to AirAsia Group.

The files were said to contain the airline passengers' information, including their IDs, full names, and booking IDs in the first file, while employee information such as photos, secret questions and answers, as well as birth cities were available in the second file.

New Straits Times reported that the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA) to provide information on the Daixin Team that had been targeting US businesses, specifically those in the Healthcare and Public Health (HPH) sector.

In the report from DataBreaches.net, the hacker group's spokesperson said that AirAsia responded quickly to the attack, but did not negotiate a ransom amount after seeing examples of the data.

However, data involving files such as the airline's safety and operations were not locked by the ransomware group to avoid compromising anything that could be life-threatening.

When asked whether it's true that AirAsia's chaotic network actually spared them from further attacks, the spokesperson responded, "Yes, it helped them. The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator 'built his shed next to the old building.' At the same time, the network protection was very, very weak".

Currently, several media outlets and reporters are reaching out to AirAsia for comment.