Akasa Air suffered a mega data breach involving the personal details of its passengers on August 25.
The Indian domestic airliner informed the team of the Indian Computer Emergency Response Team (CERT-In). Akasa Air said it informed the CERT-In that details of passengers such as name, gender, phone number and email ids were leaked.
“This is to inform you that a temporary technical configuration error related to our login and sign-up service was reported on Thursday, August 25, 2022,” Akasa Air said in a mail.
It, however, said no confidential details of the passengers, such as travel records or payment information, were exposed during the leak.
The airline claimed to have self-reported the data breach to the CERT-In. The security agency is likely to conduct a thorough investigation to delve into the depths of the incident.
“We self-reported the incident to CERT-In (which is the Government authorized nodal agency tasked to deal with incidents of this nature). Despite having extensive protocols in place to prevent incidents of such nature, we have undertaken additional reviews to ensure that the security of all our systems is enhanced further,” the above mail read.
Apart from notifying the CERT-In, Akasa Air also sent emails on Saturday and Sunday to its passengers who had registered with the airline and shared their personal details.
“At Akasa Air, the system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience.
We are continuously reinforcing our systems, including working with experts and the research community, to ensure that they are robust,” it said. We sincerely apologize to you for any inconvenience caused as a result of this incident,” the airliner further said in the mail on Sunday.
Earlier, login and sign-up services were stopped by Air Akasa during the breach period, but they have resumed again to be available to new users.