304 North Cardinal St.
Dorchester Center, MA 02124
Akasa Air said it suffered a major data breach involving the personal information of its passengers on Thursday. Details of the breach were shared with India’s Computer Emergency Response Team (CERT-In), which on Sunday reported the new entry among domestic airlines.
Akasa Air informed the security agency that flyers’ details such as name, gender, phone number and email address had been leaked. The agency is now likely to conduct a thorough investigation to delve deep into the incident.
“This is to inform you that a temporary technical configuration error related to our check-in and check-in service was reported on Thursday, August 25, 2022,” Akasa Air said.
“When we were informed of the incident, we immediately stopped this unauthorized access by completely shutting down the related functionality of our system. We subsequently added additional controls to address this situation and restored our login and registration services.”
Apart from the CERT-in alert, Akasa Air also sent emails to its passengers who registered with the airline and shared their personal details.
“We self-reported the incident to CERT-In (which is the government’s authorized nodal agency charged with dealing with incidents of this nature). Although we have extensive protocols in place to prevent incidents of this nature, we have carried out additional checks to ensure that the security of all our systems is further strengthened,” Akasa Air said in an email.
However, Akasa Air was quick to say that no confidential flyer details, such as travel records or payment details, were exposed during the leak. Akasa Air also assured its passengers that the security measures of its systems will be reviewed soon and will also be strengthened to prevent such outages.
The airline had previously stopped logins and registrations for its service during this period, but it has now been reinstated to make it available to new users.
It also apologized to its passengers for the data error and assured them it would not happen again.
“At Akasa Air, system security and the protection of customer information are paramount, and we always aim to provide a safe and reliable customer experience. We are constantly strengthening our systems, including working with experts and the research community, to ensure they are robust,” it said. “We sincerely apologize for any inconvenience caused as a result of this incident,” the email added.
Akasa Air started its first journey on 7 August and its first flight from Mumbai to Ahmedabad was operated using the newly leased Boeing B737 MAX aircraft.