AirAsia
Company Details
Linkedin ID:
airasia
Website:
Employees number:
13,494
Number of followers:
818,883
NAICS:
481
Industry Type:
Homepage:
airasia.com
IP Addresses:
0
Company ID:
AIR_3357924
Scan Status:
In-progress
AirAsia Company CyberSecurity Posture
airasia.com
It all starts here. 23 years ago, a dream took flight - shaping and forever changing the travel industry in Asia. The idea was simple: Make flying affordable for everyone. We made that dream happen. We started an airline in 2001. Today, we’ve evolved to become something much bigger. We’re now a world-class brand, a leading Asean airline, a digital travel and lifestyle platform; and we’re not stopping. If you’re passionate about connecting people and transforming lives, we want you onboard. When it comes to your career, your Allstar journey will be an adventure. Find your dream career destination with us.
AirAsia A.I CyberSecurity Scoring
AirAsia Risk Score (AI oriented)Between 700 and 749
AirAsia
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AirAsia Global Score (TPRM)XXXX
AirAsia
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AirAsia Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
AirAsia
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: AirAsia Group was targeted by Daixin ransomware group that exposed 5M UNIQUE Passenger personal data, and all employee's personal data leaked. The exposed information includes the date of birth, country of birth, where that person is from when employed for employees and the “secret question and answer” used to secure accounts. The group claims that after encrypting its database and requesting an unspecified price to unlock it and reveal how it gained access to the network, it gave AirAsia a sample of the data. In order to avoid encrypting or destroying anything that would be life-threatening, Daixin Team stated it had avoided locking up crucial files linked to flying equipment. However, it has entirely restricted access to staff and passenger records until payment has been received.
AirAsia Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AirAsia
Incidents vs Airlines and Aviation Industry Average (This Year)
No incidents recorded for AirAsia in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for AirAsia in 2025.
Incident Types AirAsia vs Airlines and Aviation Industry Avg (This Year)
No incidents recorded for AirAsia in 2025.
Incident History — AirAsia (X = Date, Y = Severity)
AirAsia cyber incidents detection timeline including parent company and subsidiaries
AirAsia Company Subsidiaries
It all starts here. 23 years ago, a dream took flight - shaping and forever changing the travel industry in Asia. The idea was simple: Make flying affordable for everyone. We made that dream happen. We started an airline in 2001. Today, we’ve evolved to become something much bigger. We’re now a world-class brand, a leading Asean airline, a digital travel and lifestyle platform; and we’re not stopping. If you’re passionate about connecting people and transforming lives, we want you onboard. When it comes to your career, your Allstar journey will be an adventure. Find your dream career destination with us.
Loading...
AirAsia Similar Companies
Ryanair - Europe's Favourite Airline
Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Ryanair DAC, Lauda, Buzz and Ryanair UK. Carrying 160m+ guests p.a. on over 3,000 daily flights to/from 225 airports. Plan to carry 225m+ guests p.a. by 2026. Unfortunately, we are unable to answer customer service que
SAUDI AIRLINES
At Saudia Group, we're on a mission to inspire people to go beyond borders. Our purpose is rooted in unlocking human potential and connecting the world in ways never thought possible. We are committed to reshaping the aviation ecosystem in our region and beyond, by embracing innovation and a custome
gategourmet
gategourmet has been serving the airline industry for more than 70 years and has become the world’s largest independent provider of airline catering and logistics. We prepare tens of thousands of tasty, nutritious passenger meals and snacks daily and reliably service more than 2 million flights a ye
Canada's largest airline, the country’s flag carrier and a founding member of Star Alliance, the world's most comprehensive air transportation network celebrating its 25thanniversary in 2022, Air Canada provides scheduled passenger service directly to 51 airports in Canada, 51 in the United States a
Delta Air Lines
Delta Air Lines (NYSE: DAL) is the U.S. global airline leader in safety, innovation, reliability and customer experience. Powered by our employees around the world, Delta has for a decade led the airline industry in operational excellence while maintaining our reputation for award-winning customer s
easyJet
We’re on a mission to make low-cost travel easy. Whatever your role, you’ll connect millions of people to what they love using Europe’s best airline network, great value fares, and friendly service. And to help us get there we’ll give you everything you need to make a personal impact on our growing
Lufthansa is one of the world’s leading airlines, connecting passengers to over 200 destinations across 74 countries from our hubs in Frankfurt and Munich. As an industry pioneer, we are committed to shaping the future of sustainable aviation, investing in next-generation aircraft, cutting-edge tec
Emirates
Based in Dubai, the Emirates Group employs over 103,363 staff from more than 160 nationalities. The Emirates Group’s extensive and diverse international portfolio includes the world’s largest international airline, Emirates, and one of the largest combined air services provider in the world, dnata.
!BIenvenido al sitio oficial! Avianca es la primera aerolínea comercial fundada en las Américas y la segunda en el mundo. Enfocados en alcanzar la excelencia y eficiencia operacional, se dio marcha a una profunda reorganización de los procesos, la cual ha estado acompañada de la modernización
.png)
AirAsia CyberSecurity News
November 03, 2025 08:00 AM
Former AirAsia steward wins RM31,920 for unfair dismissal
KUALA LUMPUR: A former AirAsia steward has won RM31,920 in compensation after the Industrial Court ruled his dismissal over private social...
February 14, 2025 08:00 AM
AirAsia MOVE's monthly active users and number of transactions up quarter on quarter in fourth quarter 2024
Malaysia-based Capital A's online travel agent (OTA) platform AirAsia MOVE has achieved higher monthly active users (MAUs) and number of...
September 29, 2024 04:52 AM
Thailand affected by Microsoft cloud outage
Thailand has been affected today by a Microsoft cloud service outage, apparently triggered by software distributed by cybersecurity firm CrowdStrike,...
August 30, 2024 07:00 AM
Capital A chief hasn't forgotten about Microsoft outage, still expects compensation
Capital A Bhd (KL:CAPITALA) said it has sought legal advice from a US law firm to seek compensation from US cybersecurity firm CrowdStrike...
July 25, 2024 07:00 AM
AirAsia’s Tony Fernandes wants Microsoft compensation for the CrowdStrike outage: ‘If I delay my flight, you would come after me for a refund’
AirAsia's Tony Fernandes wants Microsoft compensation for the CrowdStrike outage: 'If I delay my flight, you would come after me for a refund'
July 22, 2024 07:00 AM
China unscathed by CrowdStrike-Microsoft outage on back of cybersecurity drive
Emerging largely unharmed from the global tech disruption shows that mainland China's push for 'safe and controllable' computing systems has...
July 22, 2024 07:00 AM
AirAsia says operations back to normal following global IT outage
AirAsia, the low-cost airline under Capital A Bhd (KL:CAPITALA), said operations are back to normal on Monday, after recovering all of its...
July 20, 2024 07:00 AM
PH airports disrupted as procedures go manual due to global cyber outage
Airports in the Philippines experienced congestion and flight disruptions due to the global cyber outage which resulted in some procedures needing to be done...
July 20, 2024 07:00 AM
Global IT outage: AirAsia resumes online check-in, says deputy group CEO
AirAsia has resumed its online check-in operation at 2pm on Saturday (July 20), after the carrier was thrown into turmoil by a global information technology (...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AirAsia CyberSecurity History Information
Official Website of AirAsia
The official website of AirAsia is http://www.airasia.com.
AirAsia’s AI-Generated Cybersecurity Score
According to Rankiteo, AirAsia’s AI-generated cybersecurity score is 731, reflecting their Moderate security posture.
How many security badges does AirAsia’ have ?
According to Rankiteo, AirAsia currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does AirAsia have SOC 2 Type 1 certification ?
According to Rankiteo, AirAsia is not certified under SOC 2 Type 1.
Does AirAsia have SOC 2 Type 2 certification ?
According to Rankiteo, AirAsia does not hold a SOC 2 Type 2 certification.
Does AirAsia comply with GDPR ?
According to Rankiteo, AirAsia is not listed as GDPR compliant.
Does AirAsia have PCI DSS certification ?
According to Rankiteo, AirAsia does not currently maintain PCI DSS compliance.
Does AirAsia comply with HIPAA ?
According to Rankiteo, AirAsia is not compliant with HIPAA regulations.
Does AirAsia have ISO 27001 certification ?
According to Rankiteo,AirAsia is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of AirAsia
AirAsia operates primarily in the Airlines and Aviation industry.
Number of Employees at AirAsia
AirAsia employs approximately 13,494 people worldwide.
Subsidiaries Owned by AirAsia
AirAsia presently has no subsidiaries across any sectors.
AirAsia’s LinkedIn Followers
AirAsia’s official LinkedIn profile has approximately 818,883 followers.
NAICS Classification of AirAsia
AirAsia is classified under the NAICS code 481, which corresponds to Air Transportation.
AirAsia’s Presence on Crunchbase
No, AirAsia does not have a profile on Crunchbase.
AirAsia’s Presence on LinkedIn
Yes, AirAsia maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/airasia.
Cybersecurity Incidents Involving AirAsia
As of December 02, 2025, Rankiteo reports that AirAsia has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
AirAsia has an estimated 3,399 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at AirAsia ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Incident Details
Can you provide details on each incident ?
Title: AirAsia Group Data Breach by Daixin Ransomware
Description: AirAsia Group was targeted by Daixin ransomware group that exposed 5 million unique passenger personal data, and all employee's personal data leaked. The exposed information includes the date of birth, country of birth, where that person is from when employed for employees and the “secret question and answer” used to secure accounts. The group claims that after encrypting its database and requesting an unspecified price to unlock it and reveal how it gained access to the network, it gave AirAsia a sample of the data. In order to avoid encrypting or destroying anything that would be life-threatening, Daixin Team stated it had avoided locking up crucial files linked to flying equipment. However, it has entirely restricted access to staff and passenger records until payment has been received.
Type: Ransomware
Threat Actor: Daixin Ransomware Group
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware AIR1013221122
Data Compromised: Passenger personal data, Employee personal data
Systems Affected: Database
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data and .
Which entities were affected by each incident ?
Incident : Ransomware AIR1013221122
Entity Name: AirAsia Group
Entity Type: Airline
Industry: Aviation
Customers Affected: 5 million passengers and all employees
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware AIR1013221122
Type of Data Compromised: Personal data
Number of Records Exposed: 5 million unique passenger personal data, All employee personal data
Sensitivity of Data: High
Personally Identifiable Information: Date of birthCountry of birthEmployment locationSecret question and answer
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware AIR1013221122
Ransom Demanded: Unspecified price
Ransomware Strain: Daixin
Data Encryption: Yes
Data Exfiltration: Yes
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was Unspecified price.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Daixin Ransomware Group.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Passenger personal data, Employee personal data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Database.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Passenger personal data and Employee personal data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 5.0M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was Unspecified price.
.png)
Latest Global CVEs (Not Company-Specific)
Description
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=airasia' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
