Moneycontrol PRO
Open App
you are here: HomeNewsIndia

Akasa Air suffers data breach, 'unauthorised individuals' gain access to user information

In the communication posted on its website, the airline wrote: “A temporary technical configuration error related to our login and sign-up service was reported to us on Thursday, August 25, 2022.”

August 28, 2022 / 07:44 PM IST
The airline started its operations on August 7

The airline started its operations on August 7

Akasa Air informed on August 28 that it has suffered a data breach resulting in unauthorised individuals gaining access to user information. The airline, which started operations on August 7, has apologised to its customers and has “self-reported the incident” to CERT-In, according to a communication.

In the communication posted on its website, the airline wrote: “A temporary technical configuration error related to our login and sign-up service was reported to us on Thursday, August 25, 2022.”

“As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses, and phone numbers may have been viewed by unauthorised individuals. We can confirm that aside from the above details, no travel-related information, travel records, or payment information was compromised.”

Anand Srinivasan, Co-Founder and Chief Information Officer at Akasa Air, said: “At Akasa Air, system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience. While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced.

"We will continue to maintain our robust security protocols, engaging wherever applicable, with partners, researchers, and security experts from whom we can benefit to strengthen our systems," Srinivasan added.

Close

Also read: Akasa Air all set for first flight from Mumbai today

After the incident, the following steps were taken by Akasa Air to mitigate risks for current and future scenarios:

To begin with, on being made aware of the data breach, the airline immediately stopped the unauthorised access by completely shutting down the associated functional elements of their system. Only after adding additional controls to address this situation, the login and sign-up services were resumed.

Akasa Air said: “We self-reported the incident to CERT-In (which is the Government authorised nodal agency tasked to deal with incidents of this nature). We have also notified the affected users of the above, have informed such users that this matter has been reported to CERT-In (which is the Government authorised nodal agency tasked to deal with incidents of this nature), and have advised users to be conscious of possible phishing attempts.”

Also read: Rakesh Jhunjhunwala’s last interview: "Akasa Air is frugal, will be very competitive"

The airline added: “We would like to clarify that basis our records there was no intentional hacking attempt, but that the situation was reported by a research expert through a journalist for which we are grateful. As a part of our commitment to be always transparent, we proactively shared this information with our customers who could have been potentially impacted.”
PTI
first published: Aug 28, 2022 03:14 pm
Sections
ISO 27001 - BSI Assurance Mark