Privacy commission says no Filipino data involved in AirAsia cyber attack

The National Privacy Commission (NPC) said Thursday there is no Filipino data involved in the reported cyber attack against Malaysia-based low-cost carrier AirAsia Group (Capital A).

Malaysian news outlets reported that AirAsia Group has been compromised by a ransomware attack affecting personal data of five million passengers and employees.

In response to reporters queries, the NPC said AirAsia Philippines, AirAsia Group’s local unit in the country, submitted a breach notification through its Data Breach Notification Management System (DBNMS) online platform on November 23, 2022.”

The date of discovery is on November 20, 2022.

“Per initial findings, there is no indication that there is Filipino data involved,” the NPC said.

In a separate statement, AirAsia Philippines said, “We assure our guests that no sensitive data such as passwords or financial information were compromised.”

The airline said AirAsia Group is reinforcing its cybersecurity system following the recent ransomware attack.

“It’s business as usual in AirAsia Philippines. We are working closely with the National Privacy Commission on the aforementioned incident,” AirAsia Philippines said.

“Our company has added rigorous precautionary measures to prevent incidents like this from happening again,” it added. — RSJ, GMA Integrated News