AirAsia Group was targeted by the Daixin ransomware group, which exposed the personal data of 5M unique passengers and leaked the personal data of all employees.
The exposed information includes the date of birth, country of birth, where the person is from when employed (for employees), and the “secret question and answer” used to secure accounts.
The group claims that, after encrypting AirAsia's database and demanding an unspecified price to unlock it and to reveal how it gained access to the network, it gave AirAsia a sample of the data.
Daixin Team stated that, to avoid encrypting or destroying anything that would be life-threatening, it had avoided locking up crucial files linked to flying equipment.
However, it has entirely restricted access to staff and passenger records until payment has been received.
Source: https://www.lowyat.net/2022/289084/daixin-airasia-hack-databreach/
TPRM report: https://scoringcyber.rankiteo.com/company/airasia
{
  "id": "air1013221122",
  "linkid": "airasia",
  "type": "Ransomware",
  "date": "11/2022",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': '5 million passengers and all '
                                              'employees',
                        'industry': 'Aviation',
                        'name': 'AirAsia Group',
                        'type': 'Airline'}],
 'data_breach': {'number_of_records_exposed': ['5 million unique passenger '
                                               'personal data',
                                               'All employee personal data'],
                 'personally_identifiable_information': ['Date of birth',
                                                         'Country of birth',
                                                         'Employment location',
                                                         'Secret question and '
                                                         'answer'],
                 'sensitivity_of_data': ['High'],
                 'type_of_data_compromised': ['Personal data']},
 'description': 'AirAsia Group was targeted by Daixin ransomware group that '
                'exposed 5 million unique passenger personal data, and all '
                "employee's personal data leaked. The exposed information "
                'includes the date of birth, country of birth, where that '
                'person is from when employed for employees and the “secret '
                'question and answer” used to secure accounts. The group '
                'claims that after encrypting its database and requesting an '
                'unspecified price to unlock it and reveal how it gained '
                'access to the network, it gave AirAsia a sample of the data. '
                'In order to avoid encrypting or destroying anything that '
                'would be life-threatening, Daixin Team stated it had avoided '
                'locking up crucial files linked to flying equipment. However, '
                'it has entirely restricted access to staff and passenger '
                'records until payment has been received.',
 'impact': {'data_compromised': ['Passenger personal data',
                                 'Employee personal data'],
            'systems_affected': ['Database']},
 'motivation': 'Financial Gain',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': 'Unspecified price',
                'ransomware_strain': 'Daixin'},
 'threat_actor': 'Daixin Ransomware Group',
 'title': 'AirAsia Group Data Breach by Daixin Ransomware',
 'type': 'Ransomware'}