Report: Data Involving AirAsia's Passengers And Employees Allegedly Compromised
Important files that involve the airline's safety and operations were not locked by the ransomware.
A recent attack spanning AirAsia, AirAsia Indonesia, and AirAsia Thailand has affected the data of over five million passengers and employees
Believed to have taken place on 11 and 12 November, the ransomware attack was initially reported by DataBreaches.net, a website known for reporting data breach incidents globally. The website had been sent two .csv files from the perpetrator, a ransomware gang called the Daixin Team. The files were simultaneously sent to AirAsia Group.
The files were said to contain the airline passengers' information, including their IDs, full names, and booking IDs in the first file, while employee information such as photos, secret questions and answers, as well as birth cities were available in the second file.
The ransomware group, the Daixin Team, has been on the radar of several authorities in the US
New Straits Times reported that the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA) to provide information on the Daixin Team that had been targeting US businesses, specifically those in the Healthcare and Public Health (HPH) sector.
In the report from DataBreaches.net, the hacker group's spokesperson said that AirAsia responded quickly to the attack, but did not negotiate a ransom amount after seeing examples of the data.
It is also stated that the group was unable to make further attacks on the airline, as AirAsia Group's chaotic network and absence of standards have made it difficult for the hackers
However, files involving the airline's safety and operations were not locked by the ransomware group, to avoid compromising anything that could be life-threatening.
When asked whether it's true that AirAsia's chaotic network actually spared them from further attacks, the spokesperson responded, "Yes, it helped them. The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator 'built his shed next to the old building.' At the same time, the network protection was very, very weak".
Currently, several media outlets and reporters are reaching out to AirAsia for comment.