Akasa Air suffers mega data breach, informs CERT-in, apologizes to passengers

Aug 28, 2022

New Delhi [India], August 28 : The new entrant among domestic airlines, Akasa Air said that it suffered a mega data breach involving the personal details of its passengers on Thursday and shared it with the team of Indian Computer Emergency Response Team (CERT-In), the airline informed on Sunday.
"This is to inform you that a temporary technical configuration error related to our login and sign-up service was reported on Thursday, August 25, 2022," Akasa Air said.
Akasa Air informed the security agency that the details of the fliers such as name, gender, phone number, and email id were leaked.
The airlines claimed to have self-reported the leak to CERT-In, and the agency is now likely to conduct a thorough investigation to delve into the depths of the incident.
"On being made aware of the incident, we immediately stopped this unauthorized access by completely shutting down the associated functional elements of our system. Subsequently, having added additional controls to address this situation, we have resumed our login and sign-up services," the airline said.
Besides notifying the CERT-in, Akasa Air also sent emails on Saturday and Sunday to its passengers who had registered with the airline and shared their personal details. The airline further informed them about the leak and kept them confident about their well-being.
"We self-reported the incident to CERT-In (which is the Government authorized nodal agency tasked to deal with incidents of this nature). Despite having extensive protocols in place to prevent incidents of such nature, we have undertaken additional reviews to ensure that the security of all our systems is enhanced further," Akasa Air's mail read.
However, Akasa Air has been quick to mention that no confidential details of the fliers, such as travel records or payment information, were exposed during the leak. Akasa Air also assured its passengers that the security measures of its systems will be reviewed soon and they will also enhance them to avoid such lapses.
The airline had earlier stopped the login and sign-up for its service during this period, but it is now resumed again to be available to the new users.
Akasa Air started its maiden journey on August 7 and its first service from Mumbai to Ahmedabad was operated using its newly hired Boeing B737 MAX aircraft.
It also apologized to its passengers for the error with the data and assured them that it would not happen again.
"At Akasa Air, the system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience. We are continuously reinforcing our systems, including working with experts and the research community, to ensure that they are robust," it said.
"We sincerely apologize to you for any inconvenience caused as a result of this incident," Akasa Air said in the mail to its passengers.