Malaysian airline AirAsia is investigating claims of data breach of 5 million people

Hackers are claiming that AirAsia was the target of a ransomware attack. This attack was orchestrated by a hacker group known as Daixin Team, and took place on November 11 and 12, 2023.

The hackers claimed responsibility for the breach and claim to have compromised the personal data of five million passengers and all employees of the airline. The data exposed in this breach include:

• passenger IDs,
• full names,
• booking IDs,
• employee photos,
• secret questions and answers,
• nationality,
• date of birth,
• country of birth,
• location,
• the date employee was hired.

AirAsia confirmed the attack and issued a statement, clarifying that the cyberattack impacted only redundant systems without affecting critical operations.

The airline emphasized that there were no operational or financial repercussions from the incident and assured that measures had been taken to resolve the data incident and prevent future occurrences.

However, AirAsia's statement did not directly address the leakage of the personal data involving five million passengers or confirm whether any personal data had been exposed as a result of the attack.