In a “self reported” incident Akasa Air, which started operations less than a month ago, shared that it has suffered data breach resulting in certain customer information being accessed by unauthorised individuals.
The airline on Sunday apologised for the data breach and said the incident has been “self-reported” to the nodal agency, the Indian Computer Emergency Response Team (CERT-In).
“A temporary technical configuration error related to our login and sign-up service was reported to us on Thursday August 25, 2022,” the airline shared in an official communication.
“As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorised individuals. We can confirm that aside from the above details, no travel-related information, travel records or payment information was compromised,” it said.
Akasa Air also said that based on its records, there was “no intentional hacking attempt” but has advised users to be conscious of possible phishing attempts.
On being made aware of the incident, Akasa Air said it immediately stopped this unauthorised access by completely shutting down the associated functional elements of its system. Subsequently, having added additional controls to address this situation, we have resumed our login and sign-up, the communication said.
“We would like to clarify that basis our records there was no intentional hacking attempt, but that the situation was reported by a research expert through a journalist for which we are grateful,” Akasa Air’s Co-Founder and Chief Information Officer Anand Srinivasan said in a statement.
He also said the information was proactively shared with customers who could have been potentially impacted. Specific details about the incident could not be immediately ascertained. The system security and protection of customer information is paramount at the airline, Srinivasan said.
“While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced,” he said in the statement.
Akasa Air also said the system security and protection of customer information is paramount. “We sincerely apologise to you for any inconvenience caused as a result of this,” it added.
Akasa Air, the first Indian carrier to be launched in nearly a decade, operated its inaugural flight on August 7 from Mumbai to Ahmedabad.