Akasa Air suffered a data breach that leaked the personal information of its passengers, including their email addresses, names, gender, and other private information, on August 25, 2022. The Indian airline company alerted the Computer Emergency Response Team (CERT-In) about the breach.
Error in technical configuration
Important update from Akasa Air: https://t.co/LZCNSlexnH
— Akasa Air (@AkasaAir) August 28, 2022
The Indian airline Akasa Air, backed by billionaire investor Rakesh Jhunjhunwala, began its commercial operation on August 7, 2022. However, in less than a month, it got hit by a data breach, possibly caused by an internal system error.
In an official statement addressing the data breach, Akasa Air said, “As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses, and phone numbers may have been viewed by unauthorized individuals.”
Moreover, the statement added that the leak was caused by an internal “temporary technical configuration error” related to the login and sign-up service on the website portal and that there was no intentional hacking attempt.
Post the incident, the higher authorities at the airlines were notified, and Akasa Air reached out to CERT-in, sharing details of the compromised data, including passengers’ names, ages, addresses, phone numbers, gender, and email ID.
Unauthorized users might have access to the leaked data
Akasa Air confirmed that unauthorized individuals could have viewed the leaked passenger data in the statement. However, the airline assured users that the data leak did not compromise passengers’ sensitive information, including travel-related details, records, and payment information.
The company also shared that it had taken the necessary steps to prevent unauthorized access of the data, including shutting down associated functional elements of the airline and resuming it once the data was secured, reporting the incident to CERT-In and informing all the users whose data was leaked by the error. They further notified the users to be aware of any phishing attempts that may surface sooner or later since hackers might have accessed the information while it was available on the internet.