According to minister Fahmi Fadzil, the ministryβs investigation team, consisting of the Department of Personal Data Protection (JPDP) and CyberSecurity Malaysia (CSM), began discussions regarding the incident with Capital A, AirAsiaβs parent company, on 1 December. Initial investigations indicate that the companyβs server system was indeed accessed by an unauthorised party on 12 November with the potential for data leaks.
ππππππππ πππππππππππ ππππππππππ πππ πππππππ ππ ππππ πππππππ πππππππ πππππππππ ππππ ππππππππ πππππππππ πππ ππππππππππ πππππππ pic.twitter.com/N37gti52Nk β KKMM (@kkmm_gov) December 10, 2022 Following the discussions, Capital A has been instructed to turn over any documents and computerised data related to the case. Fahmi stressed that further investigations will be conducted to track down the source of the breach in addition to assessing the overall impact of the incident. We wonβt know anything else for a while as the minister stated that no further details of the case would be revealed while investigations are ongoing, as to avoid legal implications and disrupting the investigation. Fahmi added that all data usersΒ should constantly monitor and improve aspects of cybersecurity from time to time by ensuring that system infrastructure, databases, and networks are updated and secure. Daixin, in an interview with DataBreaches.net, said that it actually reached out to AirAsia and received a response. The amount of the ransom wasnβt revealed, though the group mentioned that the carrier had no intention of paying up to delete the data. Daixinβs representative lamented AirAsiaβs disorganised network, stating that they would not repeat the attack due to the chaos and lack of standards. The company confirmed the cyberattack in a statement a few days later but did not disclose how much personal data exactly was stolen.
