Malaysia conducts probe into AirAsia ransomware attack, data of 5 million people affected

AirAsia's passenger identities and booking details were allegedly compromised in the cyberattack. ST PHOTO: ALPHONSUS CHERN

PETALING JAYA - Investigations are ongoing to find the source of a ransomware attack that compromised the personal data of five million passengers and all employees of AirAsia, said Malaysia’s Communications and Digital Minister Fahmi Fadzil.

He said the ministry viewed the incident seriously, with personal information belonging to the budget airline’s passengers and staff being breached by hacker group Daixin Team.

“The investigation team from the ministry comprising the Personal Data Protection Department and CyberSecurity Malaysia has started its probe by having discussions with Capital A Bhd, the company that runs AirAsia on Dec 1.

“Early investigations show that the cyberattack on the AirAsia server on Nov 12 was caused by an unpermitted access into the system. This led to the ransomware attack which could potentially cause a data leak,” Mr Fahmi said in a statement on Saturday.

Following the discussion with Capital A, the company was ordered to produce related documentation and evidence from the incident to assist in the probe.

“Further investigations are still ongoing to identify the source of the attack as well as the impact caused by the incident.

“However, details of the case cannot be revealed to the public for the time being while the probe is still underway to avoid any legal complications,” Fahmi added.

The minister has urged all data users to always be on alert and beef up cybersecurity from time to time to ensure the safety of their databases and digital infrastructure.

“I also hope data users will outline cybersecurity policies and make sure these moves are followed as preventive measures against potential intrusions by irresponsible parties,” he said.

On Nov 23, it was reported that the personal data of five million passengers and all employees of AirAsia were compromised by the Daixin Team, with the group claiming responsibility for the ransomware attack.

Reports said some of the personal data included passenger identities, full names and booking details, as well as employee details like photos, secret questions and answers likely for account recovery, nationality and date of birth.

AirAsia has previously addressed the incident in an announcement made via the Bursa Malaysia website, stating that “the cyberattack was on redundant systems and did not affect our critical systems” and that it had “taken all measures to immediately resolve this data incident and prevent such future incidents”. THE STAR/ASIA NEWS NETWORK

Join ST's Telegram channel and get the latest breaking news delivered to you.