AirAsia
Company Details
Linkedin ID:
airasia
Website:
Employees number:
14,175
Number of followers:
909,225
NAICS:
481
Industry Type:
Homepage:
airasia.com
IP Addresses:
0
Company ID:
AIR_3357924
Scan Status:
In-progress
AirAsia Company CyberSecurity Posture
airasia.com
It all starts here. 23 years ago, a dream took flight - shaping and forever changing the travel industry in Asia. The idea was simple: Make flying affordable for everyone. We made that dream happen. We started an airline in 2001. Today, we’ve evolved to become something much bigger. We’re now a world-class brand, a leading Asean airline, a digital travel and lifestyle platform; and we’re not stopping. If you’re passionate about connecting people and transforming lives, we want you onboard. When it comes to your career, your Allstar journey will be an adventure. Find your dream career destination with us.
AirAsia A.I CyberSecurity Scoring
AirAsia Risk Score (AI oriented)Between 700 and 749
AirAsia
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AirAsia Global Score (TPRM)XXXX
AirAsia
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AirAsia Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
AirAsia
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: AirAsia Group was targeted by Daixin ransomware group that exposed 5M UNIQUE Passenger personal data, and all employee's personal data leaked. The exposed information includes the date of birth, country of birth, where that person is from when employed for employees and the “secret question and answer” used to secure accounts. The group claims that after encrypting its database and requesting an unspecified price to unlock it and reveal how it gained access to the network, it gave AirAsia a sample of the data. In order to avoid encrypting or destroying anything that would be life-threatening, Daixin Team stated it had avoided locking up crucial files linked to flying equipment. However, it has entirely restricted access to staff and passenger records until payment has been received.
AirAsia Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AirAsia
Incidents vs Airlines and Aviation Industry Average (This Year)
No incidents recorded for AirAsia in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for AirAsia in 2026.
Incident Types AirAsia vs Airlines and Aviation Industry Avg (This Year)
No incidents recorded for AirAsia in 2026.
Incident History — AirAsia (X = Date, Y = Severity)
AirAsia cyber incidents detection timeline including parent company and subsidiaries
AirAsia Company Subsidiaries
It all starts here. 23 years ago, a dream took flight - shaping and forever changing the travel industry in Asia. The idea was simple: Make flying affordable for everyone. We made that dream happen. We started an airline in 2001. Today, we’ve evolved to become something much bigger. We’re now a world-class brand, a leading Asean airline, a digital travel and lifestyle platform; and we’re not stopping. If you’re passionate about connecting people and transforming lives, we want you onboard. When it comes to your career, your Allstar journey will be an adventure. Find your dream career destination with us.
Loading...
AirAsia Similar Companies
Grupo Aeromexico, S.A.B. de C.V. is a holding company whose subsidiaries are engaged in commercial aviation and the promotion of passenger loyalty programs in Mexico. Aeromexico, Mexico’s global airline, operates more than 600 daily flights and has its main hub in Terminal 2 of the Mexico City Inter
Qatar Airways is the national airline of the State of Qatar. Based in Doha, the Airline’s trendsetting on-board product focuses on: comfort, fine cuisine, the latest in-flight audio & video entertainment, award-winning service and one of the youngest and most advanced aircraft fleet in the sky. Awa
Lufthansa is one of the world’s leading airlines, connecting passengers to over 200 destinations across 74 countries from our hubs in Frankfurt and Munich. As an industry pioneer, we are committed to shaping the future of sustainable aviation, investing in next-generation aircraft, cutting-edge tec
GOL Linhas Aéreas
Somos a maior Companhia Aérea do País e estamos entre as que mais crescem no mundo. A nossa história começou em 2001 e, desde então, somos responsáveis por inovar o mercado da aviação no Brasil. Tudo isso graças à dedicação do nosso Time para garantir o nosso Valor número 1, a Segurança, entregand
Singapore Airlines
Welcome aboard Singapore Airlines on LinkedIn. Discover travel inspirations, business travel tips, cultural insights, our latest updates, and more. Singapore Airlines is a global company dedicated to providing air transportation services of the highest quality and to maximising returns for the ben
We would like to acknowledge the Traditional Custodians of the local lands and waterways on which we live, work and fly. We pay our respects to Elders past and present. Spirit is everything to us, and joining the Qantas team means bringing your spirit to ours. We have over 29,000 exceptional emplo
Ethiopian Airlines
Ethiopian Airlines Group (Ethiopian) is a true African success story, transforming a visionary dream into a globally renowned reality for nearly eight decades. Operating flights to more than 160 domestic and international passenger, and cargo destinations across five continents, Ethiopian bridges th
SpiceJet Limited
Red. Hot. Spicy. That’s not just our tagline, it’s how we fly. Red reflects the bold spirit we bring to every journey, energetic, passionate, and full of heart. Hot captures the warmth of our service and the vibrant destinations we connect. Spicy is our drive to keep travel exciting through innovati
At Southwest®, everything we do—from our smiling People to our policies—is designed to let you go with Heart. No matter what comes up in your travels, we’ve got your back. Because while any airline can fly you, only Southwest lets you go with Heart. Application fees don’t fly. The only way to apply
.png)
AirAsia CyberSecurity News
January 21, 2026 08:36 PM
Malaysian AirAsia X plans to open a hub in Bahrain
The Malaysian regional airline AirAsia X Bhd intends to open a hub in Bahrain in 2026. This is reported in the AirAsia press release.
November 11, 2025 08:00 AM
Malaysia Elevates Aviation Security With New Cyber Framework
Malaysia has launched the Civil Aviation Authority of Malaysia (CAAM) Cybersecurity Framework and Policy, a move designed to bolster the...
June 14, 2025 07:00 AM
Fahmi: AirAsia To Name Plane After Media Practitioners
In a symbolic gesture celebrating the role of the media, Communications Minister Datuk Fahmi Fadzil announced that AirAsia will name one of...
February 14, 2025 08:00 AM
AirAsia MOVE's monthly active users and number of transactions up quarter on quarter in fourth quarter 2024
Malaysia-based Capital A's online travel agent (OTA) platform AirAsia MOVE has achieved higher monthly active users (MAUs) and number of...
January 27, 2025 08:00 AM
AirAsia plans MRO facility in Philippines — DoF
The AirAsia group has expressed plans to establish a maintenance, repair, and operations (MRO) facility in the Philippines, according to the Department of...
August 30, 2024 07:00 AM
Capital A chief hasn't forgotten about Microsoft outage, still expects compensation
Capital A Bhd (KL:CAPITALA) said it has sought legal advice from a US law firm to seek compensation from US cybersecurity firm CrowdStrike...
July 25, 2024 07:00 AM
AirAsia’s Tony Fernandes wants Microsoft compensation for CrowdStrike outage
AirAsia's Tony Fernandes wants Microsoft compensation for the CrowdStrike outage: 'If I delay my flight, you would come after me for a refund'
July 22, 2024 07:00 AM
China unscathed by CrowdStrike-Microsoft outage on back of cybersecurity drive
Emerging largely unharmed from the global tech disruption shows that mainland China's push for 'safe and controllable' computing systems has...
July 22, 2024 07:00 AM
AirAsia says operations back to normal following global IT outage
AirAsia, the low-cost airline under Capital A Bhd (KL:CAPITALA), said operations are back to normal on Monday, after recovering all of its...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AirAsia CyberSecurity History Information
Official Website of AirAsia
The official website of AirAsia is https://http://www.airasia.com.
AirAsia’s AI-Generated Cybersecurity Score
According to Rankiteo, AirAsia’s AI-generated cybersecurity score is 736, reflecting their Moderate security posture.
How many security badges does AirAsia’ have ?
According to Rankiteo, AirAsia currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has AirAsia been affected by any supply chain cyber incidents ?
According to Rankiteo, AirAsia has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does AirAsia have SOC 2 Type 1 certification ?
According to Rankiteo, AirAsia is not certified under SOC 2 Type 1.
Does AirAsia have SOC 2 Type 2 certification ?
According to Rankiteo, AirAsia does not hold a SOC 2 Type 2 certification.
Does AirAsia comply with GDPR ?
According to Rankiteo, AirAsia is not listed as GDPR compliant.
Does AirAsia have PCI DSS certification ?
According to Rankiteo, AirAsia does not currently maintain PCI DSS compliance.
Does AirAsia comply with HIPAA ?
According to Rankiteo, AirAsia is not compliant with HIPAA regulations.
Does AirAsia have ISO 27001 certification ?
According to Rankiteo,AirAsia is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of AirAsia
AirAsia operates primarily in the Airlines and Aviation industry.
Number of Employees at AirAsia
AirAsia employs approximately 14,175 people worldwide.
Subsidiaries Owned by AirAsia
AirAsia presently has no subsidiaries across any sectors.
AirAsia’s LinkedIn Followers
AirAsia’s official LinkedIn profile has approximately 909,225 followers.
NAICS Classification of AirAsia
AirAsia is classified under the NAICS code 481, which corresponds to Air Transportation.
AirAsia’s Presence on Crunchbase
No, AirAsia does not have a profile on Crunchbase.
AirAsia’s Presence on LinkedIn
Yes, AirAsia maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/airasia.
Cybersecurity Incidents Involving AirAsia
As of January 25, 2026, Rankiteo reports that AirAsia has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
AirAsia has an estimated 3,672 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at AirAsia ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Incident Details
Can you provide details on each incident ?
Title: AirAsia Group Data Breach by Daixin Ransomware
Description: AirAsia Group was targeted by Daixin ransomware group that exposed 5 million unique passenger personal data, and all employee's personal data leaked. The exposed information includes the date of birth, country of birth, where that person is from when employed for employees and the “secret question and answer” used to secure accounts. The group claims that after encrypting its database and requesting an unspecified price to unlock it and reveal how it gained access to the network, it gave AirAsia a sample of the data. In order to avoid encrypting or destroying anything that would be life-threatening, Daixin Team stated it had avoided locking up crucial files linked to flying equipment. However, it has entirely restricted access to staff and passenger records until payment has been received.
Type: Ransomware
Threat Actor: Daixin Ransomware Group
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware AIR1013221122
Data Compromised: Passenger personal data, Employee personal data
Systems Affected: Database
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data and .
Which entities were affected by each incident ?
Incident : Ransomware AIR1013221122
Entity Name: AirAsia Group
Entity Type: Airline
Industry: Aviation
Customers Affected: 5 million passengers and all employees
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware AIR1013221122
Type of Data Compromised: Personal data
Number of Records Exposed: 5 million unique passenger personal data, All employee personal data
Sensitivity of Data: High
Personally Identifiable Information: Date of birthCountry of birthEmployment locationSecret question and answer
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware AIR1013221122
Ransom Demanded: Unspecified price
Ransomware Strain: Daixin
Data Encryption: Yes
Data Exfiltration: Yes
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was Unspecified price.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Daixin Ransomware Group.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Passenger personal data, Employee personal data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Database.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Passenger personal data and Employee personal data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 5.0M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was Unspecified price.
.png)
Latest Global CVEs (Not Company-Specific)
Description
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as "demo mode", which is the default configuration when the plugin is installed) or known.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Description
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.
Risk Information
cvss3
Base: 7.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user roles.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Risk Information
cvss3
Base: 4.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L119
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L314
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L31
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L33
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bb9ae252-7e5f-4dc0-a162-100493b81980?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=airasia' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
