Akasa Air targeted by hackers; suffers data breach; reports CERT-In

AKASA AIR

Akasa Air informed on August 28 that it has suffered a data breach resulting in unauthorised individuals gaining access to user information. The airline, which started operations on August 7, has apologised to its customers and has “self-reported the incident” to CERT-In, according to a communication.

Apart from notifying the CERT-In, Akasa Air also sent emails on Saturday and Sunday to its passengers who had registered with the airline and shared their personal details.

Earlier, login and sign-up services were stopped by Air Akasa during the breach period, but they have resumed again to be available to new users.

AKASA AIR
Akasa Air operated its inaugural flight on August 7 from Mumbai to Ahmedabad.

The airline’s communication on its website wrote: “A temporary technical configuration error related to our login and sign-up service was reported to us on Thursday, August 25, 2022.”

“Due to this configuration error, some Akasa Air registered user information limited to names, gender, email addresses, and phone numbers may have been viewed by unauthorised individuals. We can confirm that aside from the above details, no travel-related information, travel records, or payment information was compromised.”

“At Akasa Air, system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience. While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced.

We will continue to maintain our robust security protocols, engaging wherever applicable, with partners, researchers, and security experts from whom we can benefit to strengthen our systems.”

Anand Srinivasan, Co-Founder and Chief Information Officer, Akasa Air

After the incident, the following steps were taken by Akasa Air to mitigate risks for current and future scenarios:

To begin with, on being made aware of the data breach, the airline immediately stopped the unauthorised access by completely shutting down the associated functional elements of their system. Only after adding additional controls to address this situation, the login and sign-up services were resumed.

Akasa Air informed on August 28 that it has suffered a data breach resulting in unauthorised individuals gaining access to user information.

Akasa Air, which operated its inaugural flight on August 7 from Mumbai to Ahmedabad, said it immediately stopped the unauthorised access by completely shutting down the associated functional elements of its system.

“We self-reported the incident to CERT-In (which is the Government authorised nodal agency tasked to deal with incidents of this nature). We have also notified the affected users of the above, have informed such users that this matter has been reported to CERT-In (which is the Government authorised nodal agency tasked to deal with incidents of this nature), and have advised users to be conscious of possible phishing attempts.

We would like to clarify that basis our records there was no intentional hacking attempt, but that a research expert reported the situation through a journalist for which we are grateful. As a part of our commitment to being always transparent, we proactively shared this information with our customers who could have been potentially impacted.”

Akasa Air

This is not the first time when an airline has faced a data breach. Indian carriers like IndiGo, Air India and SpiceJet have also seen their database being hacked in the last few years. 

ALSO READ – SpiceJet under attack by ransomware; morning flights affected

In May, SpiceJet was hit by a ransomware attack that significantly impacted its operations, leading to several flight cancellations and many more delays.

Air India suffered a major cybersecurity attack in 2021, affecting around 4.5 million passengers. On that occasion, critical information stored since 2011, such as credit card and passport details, was accessed by hackers.

Cover Image – Ishaan Wadhwa

Responses

Feed
Jobs
News
Magazine