November 22, 2022

Daixin Team, a cybercrime group, has made public new data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal, just over a week after the company was hit by a ransomware attack on November 11 and 12.

The threat actors allegedly claim to have obtained personal information on five million unique passengers as well as all of the airline’s employees.

The Daixin Team has provided two spreadsheets that seem to to contain personal information from airline passengers and employees, such as date of birth, country of birth, where that person is from, when employed for employees, and the “secret question and answer” used to secure accounts.

According to the group, it shared a sample of the data with AirAsia after encrypting its database and demanding an undisclosed fee to unlock it and explain how it gained access to the network. It went on to say that the lack of organization on AirAsia Group’s network saved the company from further attacks.

Daixin Team added that, in order to avoid encrypting or destroying anything that could be life-threatening, it has avoided locking up critical files related to flying equipment but has completely locked out access to staff and passenger records until payment is made.

According to reports, AirAsia did not attempt to negotiate the amount, implying that they had no intention of paying anything.

The sources for this piece include an article in TheHackerNews.