Akasa Air suffers data breach, cautions users on phishing attempts

Late billionaire Rakesh Jhunjhunwala-founded Akasa Air has reported a "temporary technical configuration error" related to its login and sign-up service.

"As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorized individuals," the airline says in a statement.

The low-cost carrier, which began operations earlier in August, clarified that aside from the above details, no travel-related information, travel records or payment information was compromised.

Akasa Air says it has taken a number of steps to mitigate risks for current and future scenarios. "On being made aware of this, we immediately stopped this unauthorised access by completely shutting down the associated functional elements of our system. Subsequently, having added additional controls to address this situation, we have resumed our login and sign-up services," the airline says.

The airline self-reported the incident to CERT-In, the government authorised nodal agency tasked to deal with incidents of data breach. "We have also notified the affected users of the above, have informed such users that this matter has been reported to CERT-In and have advised users to be conscious of possible phishing attempts," the airline says.

The company, however, has denied any hacking attempt. "We would like to clarify that basis our records there was no intentional hacking attempt, but that the situation was reported by a research expert through a journalist for which we are grateful. As a part of our commitment to be always transparent, we proactively shared this information with our customers who could have been potentially impacted," the carrier says.

"At Akasa Air, system security and protection of customer information is paramount, and our focus is to always provide a secure and reliable customer experience. While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure that the security of all our systems is even further enhanced. We will continue to maintain our robust security protocols, engaging wherever applicable, with partners, researchers, and security experts from whom we can benefit to strengthen our systems," says Anand Srinivasan, co-founder and chief information officer at Akasa Air.

Akasa Air received its air operator certificate (AOC or licence) from the aviation regulator Directorate General of Civil Aviation (DGCA) in July. India’s newest airline intends to operate a fleet of 72 Boeing 737 MAX aircraft, which are to be delivered over the course of five years. Akasa Air received the delivery of its first aircraft on June 21. The airline is scheduled to receive 18 aircraft from Boeing by March 2023, followed by delivery of the remaining 54 aircraft over the course of next four years.