Akasa Air, India’s newest airline carrier, has reported a major data breach in which unauthorized individuals gained access to certain customer information. The incident occurred within a month of the airline’s domestic flight operations beginning.
The airline apologized for the data breach and stated that it was “self-reported” to the nodal agency, the Indian Computer Emergency Response Team (CERT-In).
Akasa Air Data Breach
Akasa Air shared the incident of a data breach in an important update issued on Sunday, saying, “A temporary technical configuration error related to our login and sign-up service was reported to us on Thursday, August 25, 2022.”
As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorized individuals. We can confirm that aside from the above details, no travel-related information, travel records or payment information was compromised.Advertisement
Akasa Air also stated that the following steps have been taken to mitigate risks for current and future scenarios:
1. On being made aware of this, we immediately stopped this unauthorised access by completely shutting down the associated functional elements of our system. Subsequently, having added additional controls to address this situation, we have resumed our login and sign-up services.
2. We self-reported the incident to CERT-In (which is the Government authorised nodal agency tasked to deal with incidents of this nature).
3. We have also notified the affected users of the above, have informed such users that this matter has been reported to CERT-In (which is the Government authorised nodal agency tasked to deal with incidents of this nature) and have advised users to be conscious of possible phishing attempts.
The airline also clarifies that there was no intentional hacking attempt based on our records, but that the situation was reported by a research expert via a journalist, for which we are grateful. We proactively shared this information with our customers who could have been impacted as part of our commitment to always be transparent.
Commenting on the incident, Anand Srinivasan, Co-Founder and CTO at Akasa Air said;
“At Akasa Air, system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience. While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced. We will continue to maintain our robust security protocols, engaging wherever applicable, with partners, researchers, and security experts from whom we can benefit to strengthen our systems”.