For those who missed the story, the Daixin ransomware group claimed that it attacked the AirAsia network on 11 and 12 November. Through the attack, the group said that it was able to obtain a set of data that contains five million customers as well as all of AirAsia’s employees. In an interview with DataBreaches.net, Daixin’s spokesperson noted that AirAsia’s network was actually so disorganized to the extent that the group felt discouraged to perform further attacks. Nevertheless, the group also said that the company’s network protection was very weak. [Image: FalconFeedsio / Twitter.]We reached out to AirAsia on 21 November to obtain further clarification but didn’t receive any reply until today when an AirAsia representative reached out and pointed to us to a statement on Bursa Malaysia’s website. However, the statement did not make any reference to our story. Instead, it referred to the reports by The Edge Markets and The Star that were just published yesterday. Nevertheless, the contents of both stories as well as their sources were similar to our article that was published last Sunday. Here is a full reproduction of the statement that Capital A has submitted to Bursa: As you can clearly see in the statement, Capital A admitted that the attack happened but stopped short of disclosing whether millions of personal data have really been stolen by Daixin during the incident. We refer to the following news articles entitled: The Company wishes to clarify that the cyber attack was on redundant systems and did not affect our critical systems. The Company had taken all measures to immediately resolve this data incident and prevent such future incidents. There had been no operational or financial impact to the Company arising from this. This announcement is dated 24 November 2022. We are now attempting to obtain additional clarification from Capital A regarding this. At the same time, we are also reaching out to the Department of Personal Data Protection for their take on this incident since Capital A seemed to be reluctant on disclosing the status of the personal data that was hit by the ransomware incident.

AirAsia Confirms Cyberattack Incident Without Addressing The Leakage Of Stolen Personal Data - 29