Newly-launched Indian carrier Akasa Air has suffered a significant security breach involving passenger data. The carrier uncovered the data theft on Thursday and informed passengers of the breach, reassuring them that no critical information, such as payment details or travel records, were accessed.

Hackers access Akasa Air passenger data

Akasa Air has announced that hackers have breached the airline's security systems and gained access to sensitive passenger information. The data breach is said to have occurred on August 25th after a technical error made the airline's systems vulnerable to unauthorized access.

The passenger information accessed included names, email addresses, gender and phone numbers. Fortunately for passengers, hackers did not gain access to payment information or travel records during the breach.

Akasa Air - 2
Akasa Air only launched its inaugural flight three weeks ago. Photo: Akasa Air

Akasa Air said in an email to passengers,

"This is to inform you that a temporary technical configuration error related to our login and sign-up service was reported on Thursday, August 25, 2022. As a result, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorized individuals. We can confirm to you that aside from the above details, no travel-related information, travel records or payment information was compromised."

Akasa Air claims it will reinforce its security systems to ensure a breach like this never happens again by working with cybersecurity experts and researchers. The vulnerability was reportedly the result of "a temporary technical configuration error" related to the airline's login and sign-up service on its official website, where customers can make bookings.

The airline added,

"We wanted to make you aware of this situation and urge you to be vigilant against possible phishing attempts, since your information may have been accessed as a result of this incident."

Reported to the relevant authorities

After uncovering the data theft, Akasa Air immediately shut down its systems to prevent further damage. The carrier also self-reported the incident to the Indian Computer Emergency Response Team (CERT-In), a part of India's Ministry of Electronics and Information Technology.

The airline said,

"On being made aware of the incident, we immediately stopped this unauthorized access by completely shutting down the associated functional elements of our system. Subsequently, having added additional controls to address this situation, we have resumed our login and sign-up services."

Discover more aviation news with Simple Flying.

India's cybersecurity problems

Indian airlines have suffered from several cybersecurity attacks in recent years. In May, SpiceJet was hit by a ransomware attack that significantly impacted its operations, leading to several flight cancelations and many more delays.

Air India Planes Getty 1238298309
Air India suffered one of the biggest data breaches in aviation history last year. Photo: Getty Images

Air India suffered a major cybersecurity attack last year, affecting around 4.5 million passengers. On that occasion, critical information stored since 2011, such as credit card and passport details, was accessed by hackers.

Have you been affected by this data breach at Akasa Air? Let us know in the comments.