Data Breach at Akasa Air; ‘Self reported’ to CERT-In, says airline

Akasa Air alerted many passengers that their sensitive personal information has been leaked through a data breach related to the airline’s login and sign-up service.

Akasa Air said on Sunday that personal information of its registered users pertaining to name, gender, email address and phone number may have been compromised due to a technical glitch. Though the carrier reported the incident to the government body Indian Computer Emergency Response Team (CERT-In), it said there was no “intentional hacking attempt”.

“At Akasa Air, system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience. While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced,” said Anand Srinivasan, co-founder and chief information officer, Akasa Air

He said that the airline will continue to maintain its robust security protocols, engaging wherever applicable with partners, researchers, and security experts, from whom it can benefit to strengthen its systems.

The company said that it stopped the “unauthorised access” by completely shutting down the elements of the system associated with the breach. It added that it has resumed log-in and sign-up services after adding additional controls to address the situation. Akasa also added that it is undertaking additional reviews to strengthen its systems against such attacks in the future.

A temporary technical configuration error related to Akasa Air’s log-in and sign-up service was reported to it on August 25, resulting in the user information probably being viewed by unauthorised individuals.

However, the airline confirmed that other than name, gender, email address and phone number, no travel-related information, travel records or payment information was compromised. The airline said that on being made aware of the incident, it stopped the unauthorised access by shutting down the associated functional elements of its system.

Later on, it resumed log-in and sign-up services after adding additional controls. “We self-reported the incident to CERT-In (which is the government’s authorized nodal agency tasked to deal with incidents of this nature),” Akasa Air said. CERT-In comes under the Ministry of Electronics & IT.  FE

Source : https://indianexpress.com/article/technology/tech-news-technology/akasa-air-passengers-personal-information-leaks-in-breach-report-8116633/

Add a Comment

Your email address will not be published. Required fields are marked *