Some Akasa Air passengers' personal information, including names, genders, email addresses, and phone numbers, was divulged to "unauthorised individuals," the airline said on Sunday.
The newest carrier in India claimed it reported the incident on its own to the government-authorized nodal organisation entrusted with handling cases of this sort, the Indian Computer Emergency Response Team CERT-In.
On August 7, Akasa Air began conducting commercial flights by running its initial service on the Mumbai-Ahmedabad route using B737 Max aircraft.
Passengers who had provided their information on the airline's website to purchase tickets received emails from the company on Saturday and Sunday informing them of the leak.
“A temporary technical configuration error related to our login and sign-up service was reported on August 25. As a result, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorized individuals,” the airline’s email noted.
Aside from the above details, no travel-related information, travel records or payment information was compromised, it clarified.
“On being made aware of the incident, we immediately stopped this unauthorised access by completely shutting down the associated functional elements of our system. Subsequently having added additional controls to address this situation, we have resumed our login and sign-up services,” it mentioned.
The airline – which plans to operate 150 weekly flights by the end of September – said it has undertaken additional reviews to ensure that the security of all its systems is enhanced further.
“We wanted to make you aware of this situation and urge you to be vigilant against possible phishing attempts, since your information may have been accessed as a result of this incident,” it noted.
