Govt confirms AirAsia data breach was due to Daixin ransomware
SHAH ALAM - The Malaysian government has confirmed that the AirAsia data breach was indeed caused by ransomware deployed by the hacker group Daixin in an unauthorised access into the company's servers on November 12.
As a result, Communications and Digital Minister Fahmi Fadzil has directed AirAsia's parent company -- Capital A -- to furnish relevant documents and evidence pertaining to the cyber crime to the ministry's probe team.
"Investigations are still being done to determine the cause of the breach and its overall impact. However details regarding the case cannot be disclosed to the public due to legal implications.
"I implore all data users to monitor and beef up their cyber security by updating their infrastructure system and data servers to avoid unauthorised access," said Fahmi in a statement issued today.
The ministry's probe team consisted of the Personal Data Protection Department and CyberSecurity Malaysia.
According to reports the AirAsia data breach involved the personal data of five million passengers and all of the company's employees.
According to a report from DataBreaches.com – a website specialising in reporting data breaches worldwide – the hackers provided them with two.csv files containing samples of the sensitive information belonging to both passengers and the airlines’ staff, which Daixin Team claims to have also given to AirAsia.
The sample of personal data on one of the files reportedly included passenger IDs, full names, and booking IDs, while the second file was said to contain data pertaining to employee details including photos, secret questions and answers (likely for account recovery), nationality, date of birth, country of birth, location, and date hired.
DataBreaches.com – citing the Daixin Team’s spokesperson – wrote in their report that AirAsia responded to the attack and engaged with the hacker group via chat, and after receiving a sample of the data did not attempt to negotiate the ransom amount any further.