Akasa Air recently suffered a data breach related to its login and sign-up service, which was discovered last week , the airline said in an email to its passengers.
“A temporary technical configuration error related to our login and sign-up service was reported to us on Thursday August 25, 2022. As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorised individuals,” the airline said in a statement. It added that no travel-related information, travel records or payment information was compromised.
The airline spokesperson did not say how many passengers or users were likely affected due to the breach. The statement was also silent on the duration of the security violation. It said that it was made aware of the situation by a research expert through a journalist, but according to its records there was no intentional hacking attempt.
The airline said it took a slew of measures after being informed of the breach, which included reporting the incident to Indian Computer Emergency Response Team (CERT-In), the government’s nodal agency for dealing with incidents related to cyber security threat. The airline has also stopped the unauthorised access and added additional control to address the issue and resumed its login and sign up services. It has also notified the affected users of the above.
“We will continue to maintain our robust security protocols, engaging wherever applicable, with partners, researchers, and security experts from whom we can benefit to strengthen our systems,” Anand Srinivasan, Co-Founder and Chief Information Officer at Akasa Air, said about the incident.
Security report
Aerospace company Thales, which also provides solutions for data security, in its 2022 Thales Cloud Security Report in June 2022 found that as cloud and multi-cloud adoption rose, 37% of respondents from India experienced a cloud-based data breach or failed audit in the past 12 months. It recommended that enterprises must ensure data encryption as well as adopt Zero Trust model, which is a strategic approach to cybersecurity that secures an organisation against ransomware and cybersecurity threats by assigning the least required access needed to perform specific tasks.