KUALA LUMPUR (Nov 23): AirAsia Group fell victim to a ransomware attack earlier this month on Nov 11 and 12 by Daixin Team.
According to DataBreaches, a site that reports data breach incidents worldwide, on Nov 19 the threat actors, who were the topic of a recent US Cybersecurity and Infrastructure Security Agency alert, informed DataBreaches that they obtained the personal data of 5 million unique passengers and all employees.
DataBreaches said it was provided with two .csv files that Daixin Team also provided to AirAsia Group.
It said one file contained information on named passengers.
The second file contained employee information with numerous fields that included name, date of birth, country of birth, location, date employment started, their “secret question,” “answer,” and salt.
Citing a Daixin spokesperson, DataBreaches said AirAsia responded to the attack.
They reportedly entered the chat quickly, asked Daixin’s negotiator for an example of the data, and after receiving the sample, “asked in great detail how we would delete their data in case of payment.”
AirAsia reportedly did not try to negotiate the amount, which may indicate that they never had any intention of paying anything.
“Usually everyone wants to negotiate a smaller amount,” the spokesperson told DataBreaches.
DataBreaches said it does not know how much Daixin Team demanded to provide a decryption key, delete all data they had exfiltrated, and inform AirAsia Group of the vulnerabilities that had been found and exploited.
The firm said that over the past few years, Malaysian entities have often been targets of cyberattacks, as the number of databases and leaks on hacking-related forums or a search of this site attests.
It said AirAsia Group is not the only Malaysian air carrier to suffer a breach.
Malaysia Airlines disclosed data security incidents in both 2020 and 2021.
As of January 2022, AirAsia Group became Capital A Berhad, operating as AirAsia.
AirAsia is the largest airline in Malaysia by fleet size and destinations.