India’s newest airline, Akasa Air, exposed personal identity data including names, email IDs and phone numbers of its customers.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
A technical error in our login and sign-up service reported on Thursday exposed personal data like names, gender, email addresses and phone numbers of some passengers which may have been viewed by unauthorized individuals, the airline acknowledged in a statement.
The company apologised for this incident and assured that no travel-related or payment information of the customers was compromised.
It has reported the incident to CERT-In, the Government authorised nodal agency tasked to deal with such incidents.
It has also stopped this unauthorised access by completely shutting down the associated functional elements of their system, added additional controls to address this and resumed their login and sign-up services.
This issue was first discovered by cybersecurity researcher Ashutosh Barot on August 7, the day when the airline started its flight operations.
He warned about this in a blog and explained how he could access user’s personal information like contacts, while he explored the airline’s security system for bugs.