AirAsia, hit by a ransomware attack, claimed to compromise five million passengers and all of the airline’s employee’s data.
AirAsia, hit by a ransomware attack, claimed to compromise five million passengers and all of the airline’s employee’s data.
According to DataBreaches.net, Daixin stole the data on Nov 11 and 12 this year. The hackers provided two .CSV files containing samples of the sensitive data belonging to passengers and the airline's staff.
Daixin shared a sample as proof and hinted it would leak the data in two batches.
The sample of personal information on one of the files reportedly comprised passenger IDs, booking IDs, and full names, and while the second file was said to hold data on employee details comprising photos, secret questions and answers (likely for account recovery), date of birth, nationality, country of birth, location, and date hired.
DataBreaches.com reported that AirAsia replied to the attack and engaged with the hacker group through chat, and after receiving a sample of the data, it did not try to negotiate the ransom amount any further, which indicates the airline did not plan to pay the attackers any amount.
Of the files encrypted, the report states that “the team had avoided locking “XEN, RHEL – hosts of flying equipment (radars, air traffic control etc.)” – which is part of the hacker group’s contended avoidance of encrypting or destroying anything potentially life-threatening.
It is still not clear how attackers got into Air Asia systems yet. There was no confirmation on the money demanded by the ransomware group or whether AirAsia settled a ransom in exchange for a decryption key.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?