Akasa Air has suffered a data breach resulting in unauthorized individuals getting access to view user information limited to names, gender, email addresses and phone numbers.
Akasa Air, newest airline in India, which started its operations less than a month ago (August 7), has been hit by a data breach resulting in certain customer information being accessed by unauthorised individuals. The airline self-reported the incident to the nodal agency the Indian Computer Emergency Response Team (CERT-In) and also apologised for the data breach on Sunday, August 28, 2022.
“A temporary technical configuration error related to our login and sign-up service was reported to us on Thursday August 25, 2022. As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorized individuals. We can confirm that aside from the above details, no travel-related information, travel records or payment information was compromised,” the airline said in a release on Sunday.
It also clarified that based on its records there was no intentional hacking attempt. The airline has shared this information with the customers who could have been potentially impacted. “We have also notified the affected users of the above, have informed such users that this matter has been reported to CERT-In (which is the Government authorised nodal agency tasked to deal with incidents of this nature) and have advised users to be conscious of possible phishing attempts,” the airline said in the release.
On being made aware of the incident, Akasa Air immediately stopped this unauthorised access by completely shutting down the associated functional elements of its system. Subsequently, having added additional controls to address this situation, the airline has resumed the login and sign-up services.
Anand Srinivasan, Co-Founder and Chief Information Officer at Akasa Air, said on the incident, “At Akasa Air, system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience. While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced.”
“We will continue to maintain our robust security protocols, engaging wherever applicable, with partners, researchers, and security experts from whom we can benefit to strengthen our systems,” he added.