Akasa Air suffers data breach, personal data of thousands of travellers exposed

A glitch in the login page revealed sensitive personal data of 34,533 passengers, and was first detected by tech researcher Ashutosh Barot on August 7.

Newly launched airline firm Akasa Air has already run into some problems, with independent cybersecurity researcher Ashutosh Barot discovering a glitch in the login and sign-up service that exposed the sensitive, personal data of 34,533 unique customer records.

First reported by TechCrunch, Barot had tried to reach out to Akasa Air directly via its social media handles, but was not provided with a cybersecurity contact and was told to discuss any issues with the standard email contact, info@akasa.

However, when he finally decided to provide the story to TechCrunch, and the publication reached out to Akasa for comment, the airline quickly confirmed the number of customer records put at risk by the glitch. The company also confirmed that the exposed data did not include travel-related information or payment records.

The company also shut down its sign-up service on being informed of the potential glitch, and reported the incident to nodal cybersecurity agency CERT-in. “

I am glad the airline fixed the issue on short notice and reported it to CERT-In as well as informed its customers about the incident, which is an exemplary step,” Barot said.

"While extensive protocols are in place to prevent incidents of such nature, we have undertaken additional measures to ensure the security of all our systems is even further enhanced. We will continue to maintain our robust security protocols, engaging wherever applicable with partners, researchers, and security experts from whom we can benefit to strengthen our systems,” Anand Srinivasan, Co-founder and Chief Information Officer at Akasa Air, said in a statement to TechCrunch.

Edited by Megha Reddy