Last weekend, the Communications And Digital Ministry (KKMM) announced that it has begun looking into the recent cyberattack on budget airline AirAsia. The leak saw the Daixin ransomware group claiming that it had obtained the personal data of five million passengers as well as AirAsia’s employees.
According to minister Fahmi Fadzil, the ministry’s investigation team, consisting of the Department of Personal Data Protection (JPDP) and CyberSecurity Malaysia (CSM), began discussions regarding the incident with Capital A, AirAsia’s parent company, on 1 December. Initial investigations indicate that the company’s server system was indeed accessed by an unauthorised party on 12 November with the potential for data leaks.
[KENYATAAN MEDIA]
𝐒𝐈𝐀𝐒𝐀𝐓𝐀𝐍 𝐊𝐄𝐌𝐄𝐍𝐓𝐄𝐑𝐈𝐀𝐍 𝐊𝐎𝐌𝐔𝐍𝐈𝐊𝐀𝐒𝐈 𝐃𝐀𝐍 𝐃𝐈𝐆𝐈𝐓𝐀𝐋 𝐊𝐄 𝐀𝐓𝐀𝐒 𝐃𝐀𝐊𝐖𝐀𝐀𝐍 𝐈𝐍𝐒𝐈𝐃𝐄𝐍 𝐊𝐄𝐓𝐈𝐑𝐈𝐒𝐀𝐍 𝐃𝐀𝐓𝐀 𝐏𝐄𝐑𝐈𝐁𝐀𝐃𝐈 𝐏𝐄𝐍𝐔𝐌𝐏𝐀𝐍𝐆 𝐃𝐀𝐍 𝐊𝐀𝐊𝐈𝐓𝐀𝐍𝐆𝐀𝐍 𝐀𝐈𝐑𝐀𝐒𝐈𝐀 pic.twitter.com/N37gti52Nk
— KKMM (@kkmm_gov) December 10, 2022
Following the discussions, Capital A has been instructed to turn over any documents and computerised data related to the case. Fahmi stressed that further investigations will be conducted to track down the source of the breach in addition to assessing the overall impact of the incident.
We won’t know anything else for a while as the minister stated that no further details of the case would be revealed while investigations are ongoing, as to avoid legal implications and disrupting the investigation. Fahmi added that all data users should constantly monitor and improve aspects of cybersecurity from time to time by ensuring that system infrastructure, databases, and networks are updated and secure.
Daixin, in an interview with DataBreaches.net, said that it actually reached out to AirAsia and received a response. The amount of the ransom wasn’t revealed, though the group mentioned that the carrier had no intention of paying up to delete the data.
Daixin’s representative lamented AirAsia’s disorganised network, stating that they would not repeat the attack due to the chaos and lack of standards. The company confirmed the cyberattack in a statement a few days later but did not disclose how much personal data exactly was stolen.
The post Communications And Digital Ministry Begins Investigation Into AirAsia Personal Data Leak appeared first on Lowyat.NET.
0 Commentaires