Some Akasa Air passengers' private information, including names, gender, email addresses, and phone numbers, was exposed to unauthorized individuals, the airline said on Sunday. The newest carrier in India claimed it reported the incident on its own to the government-authorized nodal organization entrusted with handling cases of this sort, the Indian Computer Emergency Response Team CERT-In.
Ashutosh Barot, a cyber security researcher located in Mumbai who serves as Deputy Manager at a premier international consulting business, was the subject of the investigation. On August 7, the day Akasa Air conducted its maiden commercial flight, he discovered the leak while taking a break from work. He claimed he made an attempt to contact Akasa Air the very following day by sending a personal message on Twitter.
"I was given the airline's standard email address. Since the issue involves the leakage of critical information about website visitors, I asked them to put me in touch with the security in charge", he added.
Barot informed a journalist after the airline failed to respond, and the journalist subsequently contacted Akasa Air.
"System security and the safety of client information are of the utmost importance to Akasa Air, and our goal is to always deliver a secure and dependable customer experience. The security of all our systems has been further enhanced through the implementation of additional measures," according to Anand Srinivasan, co-founder, and chief information officer of Akasa Air. Although stringent protocols are in place to prevent incidents of this nature, we have taken these additional steps nonetheless.
The business said that by entirely shutting down the system components involved in the hack, it was able to block unauthorized access. It stated that after implementing new safeguards to solve the issue, log-in and sign-up services had resumed. Additionally, Akasa stated that it is doing more evaluations to fortify its systems against similar attacks in the future.
In addition to the aforementioned information, it was made clear that no trip-related data, travel records, or payment data were exposed.
The airline announced that it has conducted extra checks to guarantee that the security of all its systems is further strengthened. The airline expects to run 150 weekly flights by the end of September.
Anand Srinivasan, the airline's chief information officer, said in a statement to the media on Sunday night that Akasa Air will "continue to maintain" its "strong" security processes and, if necessary, work with partners, researchers, and security professionals to fortify its systems.
