PETALING JAYA: Investigations are ongoing to find the source of the ransomware attack that compromised the personal data of five million passengers and all employees of AirAsia, says Fahmi Fadzil.
The Communications and Digital Minister said the ministry viewed the incident seriously, with personal information belonging to the airline’s passengers and staff being breached by hacker group Daixin Team.
“The investigation team from the ministry comprising the Personal Data Protection Department and CyberSecurity Malaysia has started its probe by having discussions with Capital A Bhd, the company that runs AirAsia on Dec 1.
“Early investigations show that the cyberattack on the AirAsia server on Nov 12 was caused by an unpermitted access into the system.
“This led to the ransomware attack which could potentially cause a data leak,” Fahmi said in a statement on Saturday (Dec 10).
Following the discussion with Capital A, the company was ordered to produce related documentation and evidence from the incident to assist in the probe.
“Further investigations are still ongoing to identify the source of the attack as well as the impact caused by the incident.
“However, details of the case cannot be revealed to the public for the time being while the probe is still underway to avoid any legal complications,” Fahmi added.
ALSO READ: ‘Curb data leaks with heavier penalties’
In the meantime, the minister urged all data users to always be on alert and beef up cybersecurity from time to time to ensure the safety of their databases and digital infrastructure.
“I also hope data users will outline cybersecurity policies and make sure these moves are followed as preventive measures against potential intrusions by irresponsible parties,” he said.
On Nov 23, it was reported that the personal data of five million passengers and all employees of AirAsia were compromised by the Daixin Team, with the group claiming responsibility for the ransomware attack.
Reports said some of the personal data included passenger IDs, full names and booking IDs, as well as employee details like photos, secret questions and answers (likely for account recovery), nationality and date of birth.
AirAsia has previously addressed the incident in an announcement made via the Bursa Malaysia website, stating that “the cyberattack was on redundant systems and did not affect our critical systems” and that it had “taken all measures to immediately resolve this data incident and prevent such future incidents”.
