LONDON – Akasa Air, India’s newest start-up airline, has experienced a data breach which saw the unauthorised access of certain customer details.
In a quick response, the airline alerted the incident to the national Indian Computer Emergency Response Team and issued a notification and apology to customers on Sunday 28 August.
The notification from the airline confirmed their actions in immediately notifying the authorities of the incident, and clarifies that the hacking attempt did not appear intentional.
Update from Akasa Air
The airline’s full statement reads as follows:
A temporary technical configuration error related to our login and sign-up service was reported to us on Thursday August 25, 2022.
As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorized individuals. We can confirm that aside from the above details, no travel-related information, travel records or payment information was compromised.
We have taken the following steps to mitigate risks for current and future scenarios:
1. On being made aware of this, we immediately stopped this unauthorised access by completely shutting down the associated functional elements of our system.
Subsequently, having added additional controls to address this situation, we have resumed our login and sign-up services.
2. We self-reported the incident to CERT-In (which is the Government authorised nodal agency tasked to deal with incidents of this nature).
3. We have also notified the affected users of the above, have informed such users that this matter has been reported to CERT-In (which is the Government authorised nodal agency tasked to deal with incidents of this nature) and have advised users to be conscious of possible phishing attempts.
We would like to clarify that basis our records there was no intentional hacking attempt, but that the situation was reported by a research expert through a journalist for which we are grateful.
As a part of our commitment to be always transparent, we proactively shared this information with our customers who could have been potentially impacted.
Akasa Air management statement
Speaking on the matter of this week’s data breach incident, Anand Srinivasan, Co-Founder and Chief Information Officer at Akasa Air said: “At Akasa Air, system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience.”
“While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced.”
“We will continue to maintain our robust security protocols, engaging wherever applicable, with partners, researchers, and security experts from whom we can benefit to strengthen our systems”.
Unfortunate incident for budding new airline
This week’s data breach incident is an unfortunate one for the new airline, but hopefully will not be insurmountable.
Akasa Air have launched themselves with a positive operating culture with a sensitivity toward transforming the aviation sector ecosystem and providing warm and efficient customer service.
The quick actions and transparency in dealing with this week’s data breach incident stand testament to the new start-up’s operating culture.
The airline celebrated its inaugural launch just a month ago, and AviationSource writer Gaurav Gowda joined them aboard their flight from Bengaluru to Kochi.