Last month, we reported that AirAsia was hacked by a ransomware group, Daixin. The hackers said they have leaked five million unique passengers and employees data as well. AirAsia responded to Daixin but made no negotiations, and subsequently, the group has decided to release all the data and tell everyone that there are backdoors into AirAsia’s network.
The Ministry of Communications and Digital (KKMM) said that they have started investigating this incident, with the help of Department of Personal Data Protection (JPDP) and CyberSecurity Malaysia (CSM) and they have started discussions about the event on 1 December with AirAsia’s parent company, Capital A.
According to preliminary investigations, unauthorised access to the company’s server system on 12 November may have resulted in data leakage.
Capital A has been ordered to turn over any documents and computerised data related to the case as a result of the discussions. KKMM minister, Fahmi Fadzil emphasised that in addition to determining the overall impact of the incident, additional investigations would be carried out to identify the breach’s source.
Fahmi also added that they would not be able to reveal anything else related to the ongoing investigation to avoid legal implications and disrupting the investigation.
AirAsia was saved from further attacks from Daixin due to the company’s poor security and incompetency. The ransomware group said they were very irritated by it and demotivated.