Malaysian family say they were kicked off overbooked AirAsia flight 'like criminals'

[The_King]

What was supposed to be an enjoyable holiday turned into an ordeal for one Malaysian woman and her family, who found themselves unceremoniously kicked off their flight. 

The woman, Susan Yong, shared a lengthy Facebook post detailing her family's flight woes on Wednesday (Nov 23). 

They were meant to fly from Kuala Lumpur to Chiang Mai on Nov 19, but were told that their flight was overbooked during check-in. 

After some back-and-forth with AirAsia's counter staff, Yong and her family were informed that they could hop on a later flight to the same destination and were given their boarding passes. 

"My husband and I received handwritten boarding passes. No one told us why, they just said they would get our seats sorted. The airline staff also confirmed that we had seats on the plane," she wrote in Chinese.

But that was not the end of their troubles.

The moment they boarded the plane, an air stewardess informed Yong that she and her husband were on the 'no show' list but assured them that they would be taken to their seats. 

"Suddenly, a male staff member came towards us. He had a very bad attitude and told us to get off the plane, I was shocked," recounted Yong in her post. 

The man told the couple that they had no air tickets and thus had to leave. 

Yong's husband tried to reason with the staff by telling him that they were traveling with three seniors but the latter was adamant on making the couple disembark. 

As they were unwilling to budge, the staff called in security personnel. 

"When security personnel arrived, they wanted us to get off the plane even before discussing how the issue could be resolved. They didn't want to listen to us, talk about compensation, or talk about how to deal with the elderly," she said. 

The situation became tense, Yong told her elderly family members to prepare to leave the plane.

"Moments later, about six or seven security personnel appeared and they kicked us off the plane as if we were criminals. Their attitude was really bad, I was really scared," she recalled.  

The two videos shared in Yong's post show the family being forcefully moved out of the plane by security personnel. 

For the distress they were made to endure that fateful day, Yong said the airline only offered each traveler a US$100 (S$137) credit into their AirAsia account — a token that she promptly rejected.

"If AirAsia told us about the flight change earlier, we would've been able to make the necessary arrangements." 

In an update, the irate passenger said her family was offered one night's accommodation at a hotel, as well as a 12.45pm flight to Chiang Mai the following day. 

AsiaOne has contacted AirAsia for more information. 

Overbooking policy for flights 

According to the International Air Transport Association (IATA), overbooking is a practice that allows airlines to better manage revenue. 

This is because once a flight takes off, the seats on that flight are no longer available for sale — making it a "time-sensitive, perishable product". 

But there are "actions taken to minimise the impact to customers who are denied boarding", such as having a call for volunteers to give up their seats in exchange for an agreed-upon offer from the airline, IATA said.

According to AirAsia's website, in the event that the airline cancels a flight, passengers may move their flight booking to another date, subject to the airline’s ability to accommodate the change.

[Satki]

Hackers take pity on AirAsia over its ‘chaotic’ cybersecurity

Tuesday, 22 Nov, 2022 0

Around five million AirAsia passengers and employees’ data has been reportedly hacked n a ransomware attack.

 

The Daixin Team ransomware group stole personal data on Nov 11 and 12, 2022, which was first reported by DataBreaches.net.

 

Data compromised included full names, booking ID, and employee information with photos.

AirAsia has not confirmed the hack.

 

Daixin demanded a ransom to unlock it, although it seems to have taken pity on the company.

It won’t hack AirAsia again due to ‘the chaotic organization of the network and absence of any standards.’

Daixin said it chose not to lock up critical files related to flying equipment that could compromise safety.

It gained access to much more data but because of AirAsia’s chaotic data infrastructure, decided it was too time consuming.

 

“The internal network was configured without any rules and as a result worked very poorly. At the same time, the network protection was very, very weak,” the ransomware group told DataBreaches.

[Satki]

AirAsia hit by ransomware attack, five million passenger and employee data compromised

Surin Murugiah

/

theedgemarkets.com

November 23, 2022 08:53 am +08

 

 

 

 

^-A ⁺A

 

KUALA LUMPUR (Nov 23): AirAsia Group fell victim to a ransomware attack earlier this month on Nov 11 and 12 by Daixin Team.

 

According to DataBreaches, a site that reports data breaches incidents worldwide, on Nov 19 the threat actors, who were the topic of a recent US Cybersecurity and Infrastructure Security Agency alert, informed DataBreaches that they obtained the personal data of 5 million unique passengers and all employees.

DataBreaches said it was provided with two .csv files that Daixin Team also provided to AirAsia Group.

It said one file contained information on named passengers.

 

The second file contained employee information with numerous fields that included name, date of birth, country of birth, location, date employment started, their “secret question,” “answer,” and salt.

Citing a Daixin spokesperson, DataBreaches said AirAsia responded to the attack.

 

They reportedly entered the chat quickly, asked Daixin’s negotiator for an example of the data, and after receiving the sample, “asked in great detail how we would delete their data in case of payment.”

 

AirAsia reportedly did not try to negotiate the amount, which may indicate that they never had any intention of paying anything.

 

‘Usually everyone wants to negotiate a smaller amount,” the spokesperson told DataBreaches.

 

DataBreaches said it does not know how much Daixin Team demanded to provide a decryption key, delete all data they had exfiltrated, and inform AirAsia Group of the vulnerabilities that had been found and exploited.

The firm said that over the past few years, Malaysian entities have often been targets of cyberattacks, as the number of databases and leaks on hacking-related forums or a search of this site attests.

 

It said AirAsia Group is not the only Malaysian air carrier to suffer a breach.

 

Malaysia Airlines disclosed data security incidents in both 2020 and 2021.

 

As of January 2022, AirAsia Group became Capital A Berhad, operating as AirAsia.

 

AirAsia is the largest airline in Malaysia by fleet size and destinations.