airasia

In 2022, a data breach at AirAsia compromised the personal information of 22,205 passengers.

Airasia, a low-cost carrier based in Malaysia, revealed that a third-party vendor had leaked a database containing names, passport numbers, email addresses, and travel histories.

The affected passengers traveled on AirAsia flights between 2015 and 2019. AirAsia became aware of the breach in April 2022, but did not publicly disclose it until June. The leak was attributed to a third-party vendor who had been contracted by AirAsia to manage its IT systems. The vendors server was compromised, allowing unauthorized access to the passenger data.