AirAsia
Company Details
Linkedin ID:
airasia
Website:
Employees number:
13,494
Number of followers:
818,883
NAICS:
481
Industry Type:
Homepage:
airasia.com
IP Addresses:
0
Company ID:
AIR_3357924
Scan Status:
In-progress
AirAsia Company CyberSecurity Posture
airasia.com
It all starts here. 23 years ago, a dream took flight - shaping and forever changing the travel industry in Asia. The idea was simple: Make flying affordable for everyone. We made that dream happen. We started an airline in 2001. Today, we’ve evolved to become something much bigger. We’re now a world-class brand, a leading Asean airline, a digital travel and lifestyle platform; and we’re not stopping. If you’re passionate about connecting people and transforming lives, we want you onboard. When it comes to your career, your Allstar journey will be an adventure. Find your dream career destination with us.
AirAsia A.I CyberSecurity Scoring
AirAsia Risk Score (AI oriented)Between 700 and 749
AirAsia
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AirAsia Global Score (TPRM)XXXX
AirAsia
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AirAsia Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
AirAsia
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: AirAsia Group was targeted by Daixin ransomware group that exposed 5M UNIQUE Passenger personal data, and all employee's personal data leaked. The exposed information includes the date of birth, country of birth, where that person is from when employed for employees and the “secret question and answer” used to secure accounts. The group claims that after encrypting its database and requesting an unspecified price to unlock it and reveal how it gained access to the network, it gave AirAsia a sample of the data. In order to avoid encrypting or destroying anything that would be life-threatening, Daixin Team stated it had avoided locking up crucial files linked to flying equipment. However, it has entirely restricted access to staff and passenger records until payment has been received.
AirAsia Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AirAsia
Incidents vs Airlines and Aviation Industry Average (This Year)
No incidents recorded for AirAsia in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for AirAsia in 2025.
Incident Types AirAsia vs Airlines and Aviation Industry Avg (This Year)
No incidents recorded for AirAsia in 2025.
Incident History — AirAsia (X = Date, Y = Severity)
AirAsia cyber incidents detection timeline including parent company and subsidiaries
AirAsia Company Subsidiaries
It all starts here. 23 years ago, a dream took flight - shaping and forever changing the travel industry in Asia. The idea was simple: Make flying affordable for everyone. We made that dream happen. We started an airline in 2001. Today, we’ve evolved to become something much bigger. We’re now a world-class brand, a leading Asean airline, a digital travel and lifestyle platform; and we’re not stopping. If you’re passionate about connecting people and transforming lives, we want you onboard. When it comes to your career, your Allstar journey will be an adventure. Find your dream career destination with us.
Loading...
AirAsia Similar Companies
Delta Air Lines
Delta Air Lines (NYSE: DAL) is the U.S. global airline leader in safety, innovation, reliability and customer experience. Powered by our employees around the world, Delta has for a decade led the airline industry in operational excellence while maintaining our reputation for award-winning customer s
American Airlines
Embark on an adventure with a commitment to service, excellence and humanity. Our team is what powers our airline. We are proudly dedicated to our purpose of caring for people on life’s journey, including connecting our customers to the people and places they love or providing our team members devel
Emirates
Based in Dubai, the Emirates Group employs over 103,363 staff from more than 160 nationalities. The Emirates Group’s extensive and diverse international portfolio includes the world’s largest international airline, Emirates, and one of the largest combined air services provider in the world, dnata.
SpiceJet Limited
Red. Hot. Spicy. That’s not just our tagline, it’s how we fly. Red reflects the bold spirit we bring to every journey, energetic, passionate, and full of heart. Hot captures the warmth of our service and the vibrant destinations we connect. Spicy is our drive to keep travel exciting through innovati
China Eastern Airlines, North America
As one of the three major air carriers in China, headquartered in Shanghai, China Eastern Airlines operates 111 domestic and overseas branches across the globe. Flying a fleet of 730 aircraft which is one of the youngest fleets in major airlines worldwide. Moreover, it boasts the largest-scale in-fl
gategourmet
gategourmet has been serving the airline industry for more than 70 years and has become the world’s largest independent provider of airline catering and logistics. We prepare tens of thousands of tasty, nutritious passenger meals and snacks daily and reliably service more than 2 million flights a ye
easyJet
We’re on a mission to make low-cost travel easy. Whatever your role, you’ll connect millions of people to what they love using Europe’s best airline network, great value fares, and friendly service. And to help us get there we’ll give you everything you need to make a personal impact on our growing
JetBlue
When JetBlue first took flight in February 2000, our founding goal was to bring humanity back to air travel, and over two decades later, we still put our customers, crewmembers and communities at the center of everything we do. Before we even had aircraft to fly, our founders selected five values
Ryanair - Europe's Favourite Airline
Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Ryanair DAC, Lauda, Buzz and Ryanair UK. Carrying 160m+ guests p.a. on over 3,000 daily flights to/from 225 airports. Plan to carry 225m+ guests p.a. by 2026. Unfortunately, we are unable to answer customer service que
.png)
AirAsia CyberSecurity News
November 11, 2025 08:00 AM
Malaysia Elevates Aviation Security With New Cyber Framework
Malaysia has launched the Civil Aviation Authority of Malaysia (CAAM) Cybersecurity Framework and Policy, a move designed to bolster the...
November 03, 2025 08:00 AM
Former AirAsia steward wins RM31,920 for unfair dismissal
KUALA LUMPUR: A former AirAsia steward has won RM31,920 in compensation after the Industrial Court ruled his dismissal over private social...
February 14, 2025 08:00 AM
AirAsia MOVE's monthly active users and number of transactions up quarter on quarter in fourth quarter 2024
Malaysia-based Capital A's online travel agent (OTA) platform AirAsia MOVE has achieved higher monthly active users (MAUs) and number of...
January 27, 2025 08:00 AM
AirAsia plans MRO facility in Philippines — DoF
The AirAsia group has expressed plans to establish a maintenance, repair, and operations (MRO) facility in the Philippines, according to the Department of...
August 30, 2024 07:00 AM
Capital A chief hasn't forgotten about Microsoft outage, still expects compensation
Capital A Bhd (KL:CAPITALA) said it has sought legal advice from a US law firm to seek compensation from US cybersecurity firm CrowdStrike...
July 29, 2024 07:00 AM
Worldwide IT outage was digital red flag
The worldwide IT outage on July 19 caused by a faulty software update issued by cybersecurity firm CrowdStrike Holdings has served as a wake-up call to local...
July 25, 2024 07:00 AM
AirAsia’s Tony Fernandes wants Microsoft compensation for the CrowdStrike outage: ‘If I delay my flight, you would come after me for a refund’
On Friday, a flawed update from U.S. cybersecurity company CrowdStrike crashed Windows PCs all over the world, with computers displaying the...
July 22, 2024 07:00 AM
China unscathed by CrowdStrike-Microsoft outage on back of cybersecurity drive
Emerging largely unharmed from the global tech disruption shows that mainland China's push for 'safe and controllable' computing systems has...
July 22, 2024 07:00 AM
Capital A chief Fernandes demands answers from Microsoft with airlines losing ‘millions’ in global IT outage
AirAsia's parent Capital A Chief Executive Officer Tony Fernandes has demanded answers and compensation from Microsoft after the global IT...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AirAsia CyberSecurity History Information
Official Website of AirAsia
The official website of AirAsia is http://www.airasia.com.
AirAsia’s AI-Generated Cybersecurity Score
According to Rankiteo, AirAsia’s AI-generated cybersecurity score is 732, reflecting their Moderate security posture.
How many security badges does AirAsia’ have ?
According to Rankiteo, AirAsia currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does AirAsia have SOC 2 Type 1 certification ?
According to Rankiteo, AirAsia is not certified under SOC 2 Type 1.
Does AirAsia have SOC 2 Type 2 certification ?
According to Rankiteo, AirAsia does not hold a SOC 2 Type 2 certification.
Does AirAsia comply with GDPR ?
According to Rankiteo, AirAsia is not listed as GDPR compliant.
Does AirAsia have PCI DSS certification ?
According to Rankiteo, AirAsia does not currently maintain PCI DSS compliance.
Does AirAsia comply with HIPAA ?
According to Rankiteo, AirAsia is not compliant with HIPAA regulations.
Does AirAsia have ISO 27001 certification ?
According to Rankiteo,AirAsia is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of AirAsia
AirAsia operates primarily in the Airlines and Aviation industry.
Number of Employees at AirAsia
AirAsia employs approximately 13,494 people worldwide.
Subsidiaries Owned by AirAsia
AirAsia presently has no subsidiaries across any sectors.
AirAsia’s LinkedIn Followers
AirAsia’s official LinkedIn profile has approximately 818,883 followers.
NAICS Classification of AirAsia
AirAsia is classified under the NAICS code 481, which corresponds to Air Transportation.
AirAsia’s Presence on Crunchbase
No, AirAsia does not have a profile on Crunchbase.
AirAsia’s Presence on LinkedIn
Yes, AirAsia maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/airasia.
Cybersecurity Incidents Involving AirAsia
As of December 11, 2025, Rankiteo reports that AirAsia has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
AirAsia has an estimated 3,515 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at AirAsia ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Incident Details
Can you provide details on each incident ?
Title: AirAsia Group Data Breach by Daixin Ransomware
Description: AirAsia Group was targeted by Daixin ransomware group that exposed 5 million unique passenger personal data, and all employee's personal data leaked. The exposed information includes the date of birth, country of birth, where that person is from when employed for employees and the “secret question and answer” used to secure accounts. The group claims that after encrypting its database and requesting an unspecified price to unlock it and reveal how it gained access to the network, it gave AirAsia a sample of the data. In order to avoid encrypting or destroying anything that would be life-threatening, Daixin Team stated it had avoided locking up crucial files linked to flying equipment. However, it has entirely restricted access to staff and passenger records until payment has been received.
Type: Ransomware
Threat Actor: Daixin Ransomware Group
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware AIR1013221122
Data Compromised: Passenger personal data, Employee personal data
Systems Affected: Database
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data and .
Which entities were affected by each incident ?
Incident : Ransomware AIR1013221122
Entity Name: AirAsia Group
Entity Type: Airline
Industry: Aviation
Customers Affected: 5 million passengers and all employees
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware AIR1013221122
Type of Data Compromised: Personal data
Number of Records Exposed: 5 million unique passenger personal data, All employee personal data
Sensitivity of Data: High
Personally Identifiable Information: Date of birthCountry of birthEmployment locationSecret question and answer
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware AIR1013221122
Ransom Demanded: Unspecified price
Ransomware Strain: Daixin
Data Encryption: Yes
Data Exfiltration: Yes
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was Unspecified price.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Daixin Ransomware Group.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Passenger personal data, Employee personal data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Database.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Employee personal data and Passenger personal data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 5.0M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was Unspecified price.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=airasia' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
