Air Asia Suffers Major Data Breach

By   ISBuzz Team
Writer , Information Security Buzz | Nov 23, 2022 02:26 am PST

Air Asia Suffers Major Data Breach One of Asia’s most popular airlines. Air Asia, suffered from a massive data breach this past month, potentially exposing. The data of hundreds of thousands of users.  The airlines have started contacting customers to let them know what options they have going forward.. Let’s take a look at what happened, and how you can protect yourself from experiencing the same thing next time.


Details of the data breach

On Tuesday, October 16th Air Asia announced a data breach that occurred on Monday morning. Use of an unapproved party led to the breach. USB device to transfer files between two computers. The files contained the personal information of passengers including names, passport numbers, flight details and contact information. . AirAsia has stated that they will be notifying all affected customers with more information about the incident in accordance with the General Data Protection Regulation (GDPR).


How many individuals were impacted?

Data breaches are becoming more and more common. with the hacking of well-known businesses like Target and Sony. Air Asia is the latest company to suffer a data breach, which could affect as many as 700 of its customers. The breach happened when an unauthorized person gained access to the airline’s reservation system. Information on the customer, including names, email addresses, card details, and payment card numbers.

How did the breach happen?

A third-party vendor was responsible for the AirAsia Group data leak. Which the company outsourced its operations. The vendor’s security practices were breached.  Malicious actors stole information from approximately two million passengers.

The stolen information includes names, dates of birth, nationalities, passport numbers, credit card numbers, and other personal details.

The airline has quickly reassured its customers that no passwords or travel itineraries have been compromised in the breach.

In an effort to protect themselves against further breaches of this nature. They will be implementing stricter security measures in the future. When it comes to using third-party vendors for outsourcing their operations.


Air Asia’s response to the breach

We have informed the police and relevant authorities. We are also conducting a thorough investigation and will take all necessary steps to protect our customers’ data.

Our initial investigations suggest that there was no unauthorized access to any customer data. We are continuing to investigate this incident and will provide more information as soon as we can.

This incident highlights the risk of cyber threats, which is why AirAsia takes cyber security very seriously.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Almog Apirion
Almog Apirion , CEO & Co-Founder
November 23, 2022 10:33 am

The Daixin Team was recently the subject of a combined Cybersecurity Advisory notice issued by the FBI, CISA, and HHS, which indicated that the ransomware gang has been actively targeting U.S. businesses in the past few months. AirAsia is the latest victim of a significant attack, with the personal data of over 5 million passengers and workers exposed as a result. However, it has been stated that the aviation corporation had extremely inadequate network security and unorganized networks, which – if managed correctly – may have saved the company from greater damage. 

The rising targeting of larger organizations, as well as cybercriminals’ growing financial demands, have made it evident that businesses must act to safeguard themselves, internal, and external, third parties, their customers, as well as their business partners. Once again, identity-based access becomes one of the handicaps for organizations. When leveraged correctly, it extends current security protections, which are often reserved for the cloud, to on-premises and legacy systems and applications. MFA, continuous verification, network masking, and continuous auditing are all solutions that mitigate risks on critical infrastructure and OT systems, regardless of infrastructure type. This means that businesses may benefit from an improved security posture as well as gain visibility and control over their systems, and in cases such as AirAsia, build a unified and structured network that can’t be broken as easily.

Last edited 1 year ago by Almog.Apirion
Julia O’Toole
Julia O’Toole , Founder and CEO
November 23, 2022 10:29 am

These massive breaches are becoming a daily occurrence lately, and it looks like AirAsia may be the latest victim. Whether the attackers continue leaking the data, or if AirAsia decides to pay the demand is yet to be seen, but it will be customers and employees that get caught directly in the firing line.

It’s not clear how attackers got into AirAsia system’s yet, but with employee credentials being used to execute over 82% of today’s cyberattacks, they will probably have played a part. This means to harden systems against breaches and ransomware, organisations must do more to protect their employees’ access credentials. One way to protect against breaches is by deploying access encryption where employee passwords are encrypted from end to end so they never know them. This means credentials can no longer be stolen or phished from users. Using encryption also places control back in the hands of enterprises. For the first time since digitisation started, they are able to control their network access rather than let employees make their own passwords, over which they have no control or visibility.

Organisations must begin to realise that they are responsible for their data and have a duty to keep it safe. However, by allowing employees to create their own passwords and passkeys to access critical data, organisations are losing that control. No organisation ever allows employees to make their owns keys to access a physical office, yet they allow employees to create their digital keys to access their data, which is undoubtedly their most valuable asset today. This needs to change.

Last edited 1 year ago by Julia O’Toole

Recent Posts

Would love your thoughts, please comment.x