AirAsia issued a statement clarifying that the recently reported ransomware attack did not affect any critical systems. It said the “cyber attack was on redundant systems”. “The company has taken all measures to resolve this data incident immediately and prevent such future incidents,” it added. No further comments were provided.
It was initially reported by DataBreaches that a ransomware attack by the Daixin team led to five million unique passenger data, and that all employee data was also deleted. The attack is said to have taken place on November 11 and 12 and two CSV files were allegedly shared by the attackers with Passenger ID, full name and ticket cost. AirAsia allegedly responded to the Daixin team via chat after the attack and the airline did not negotiate the ransom amount. It also has no intentions of paying.
The Daixin team was recently mentioned in a joint cybersecurity advisory in the US as part of an ongoing #StopRansomware effort. The Daixin Team is described as a ransomware and data extortion group that has been operating since at least June this year, targeting businesses in the healthcare and public health sectors in the United States.
The company has also made some changes to its systems recently. In October this year, AirAsia improved its facial recognition system, FACES, by integrating with Malaysia Airports Holdings Berhad (Malaysia Airports) EZPaz technology at Kuala Lumpur International Airport (klia2), offering a contactless journey for its travelers. FACES is available across key customer touchpoints including mobile check-in, check-in counter, pre-security check and boarding, for selected domestic journeys in the launch phase.
Guests who have registered for FACES via the airasia Super App do not need to present their boarding pass after self check-in. The enhanced contactless feature went live with guests from Kuala Lumpur to Kuching.
Earlier this month, the AirAsia Superapp also launched in Indonesia. According to Airasia, for a fully integrated travel experience, the travel super app has also unveiled its plans to brand its ride-hailing service, Airasia Ride to Bali. It will enable end-to-end travel for anyone using the airasia super app on the island of Bali. Its entry into the Indonesian market is expected to disrupt the local super app space as it is the only one offering a fully integrated travel booking experience on a convenient platform, Airasia said.