It was announced last month that approximately five million AirAsia passengers, as well as all of the company's employees, were affected by a ransomware attack. Malaysian authorities have yet to find the source of the attack and determine the overall impact but have gathered few leads so far.
A spokesman from the ministry said the ministry viewed the incident of the data breach by the malicious group as a serious breach of the privacy of passengers and staff of the budget airline. This is following the hacker group Daixin Team gaining access to the personal information of its passengers and staff.
On 1st December, an investigation team from the ministry, composed of the Personal Data Protection Department and CyberSecurity Malaysia, commenced its investigation by having discussions with Capital A Bhd, the company that runs AirAsia.
Initially, it was revealed that the cyberattack on the AirAsia server, which took place on Nov 12, was caused by unauthorized access to the system as a result of "early investigations."
In a statement released on Saturday, Mr. Fahmi said that this led to the ransomware attack, which could result in a data leak.
As a consequence of the discussion with Capital A, the company has been ordered to provide relevant documentation and evidence about the incident. This is to aid the investigation into the incident.
Mr. Fahmi said further investigation is being conducted to determine what triggered the attack as well as what impact it may have had.
It is their policy not to reveal details of the case to the public while the investigation is still ongoing. This is to avoid any legal complications in the future.
As stated by the minister, all data users should always be aware of cybersecurity threats and should enhance their security from time to time. As a result, their databases and infrastructure will remain safe and secure for a long time.
The Minister also expressed that data users would outline cybersecurity policies and ensure these precautions are followed. This will enable us to avoid the use of data in the hands of irresponsible parties.
There was a report on Nov 23, which stated that the Daixin Team had compromised the personal information of about five million AirAsia passengers and all of its employees. Ransomware was released by a group that claimed responsibility for the attack.
Reports suggested that the information included the names and identifiers of the passengers, as well as details of their bookings. Additionally, details such as employee photos, secret questions, and answers, as well as nationalities and dates of birth, may be utilized by the recovery team to find the account.
Earlier, AirAsia announced on the Bursa Malaysia website that it had taken all reasonable precautions to resolve the data incident. It was stated in that announcement that the cyberattack affected redundant systems and did not affect our critical systems and that all measures had been taken to resolve this data incident as soon as possible and prevent similar incidents in the future.