AirAsia Vendor Cyber Rating & Cyber Score

airasia.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

It all starts here. 23 years ago, a dream took flight - shaping and forever changing the travel industry in Asia. The idea was simple: Make flying affordable for everyone. We made that dream happen. We started an airline in 2001. Today, we’ve evolved to become something much bigger. We’re now a world-class brand, a leading Asean airline, a digital travel and lifestyle platform; and we’re not stopping. If you’re passionate about connecting people and transforming lives, we want you onboard. When it comes to your career, your Allstar journey will be an adventure. Find your dream career destination with us.

AirAsia A.I CyberSecurity Scoring

AirAsia

Company Details

Linkedin ID:

airasia

Website:

http://www.airasia.com

Employees number:

14,245

Number of followers:

919,986

NAICS:

481

Industry Type:

Airlines and Aviation

Homepage:

airasia.com

IP Addresses:

Scan still pending

Company ID:

AIR_3357924

Scan Status:

In-progress

AI scoreAirAsia Risk Score (AI oriented)

Between 600 and 649

https://images.rankiteo.com/companyimages/airasia.jpeg
AirAsia Airlines and Aviation
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
Get a Score Increase
globalscoreAirAsia Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/airasia.jpeg
AirAsia Airlines and Aviation
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

AirAsia

Poor
Current Score
636
Caa (Poor)
01000
2 incidents
-106.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

APRIL 2026
636
MARCH 2026
636
FEBRUARY 2026
737
Ransomware
22 Feb 2026 • AirAsia, Kuala Lumpur International Airport and Malaysia Airlines: Qilin ransomware claims Malaysia Airlines hack – are passenger records at risk?
Qilin Ransomware Group Claims Attack on Malaysia Airlines

**Qilin Ransomware Group Claims Attack on Malaysia Airlines** The Qilin ransomware gang has listed Malaysia Airlines on its dark web leak site, marking the latest in a series of cyberattacks targeting the aviation sector. The group, which operates under a ransomware-as-a-service (RaaS) model, has rapidly escalated its activities, emerging as the most active ransomware operation of 2025 with over 1,000 victims that year and more than 200 additional claims in early 2026. The incident, dated February 22, 2026, remains unconfirmed by Malaysia Airlines or investigators, as Qilin has yet to provide proof of stolen data unlike its typical tactic of releasing file samples to pressure victims. The lack of evidence leaves uncertainty about whether the attack involved a confirmed breach, a failed intrusion, or a negotiation ploy. No details have been disclosed regarding potential exposure of passenger data, employee records, or operational systems. This follows a March 2025 ransomware attack on Kuala Lumpur International Airport (KLIA), also attributed to Qilin, which disrupted flight information displays, check-in systems, and baggage handling for over 10 hours. The aviation industry has become a prime target for ransomware groups, drawn by the combination of operational leverage and access to sensitive personal and corporate data. Qilin, linked to Russian cybercriminal networks, has expanded its victim pool beyond traditional sectors like finance and healthcare to include critical infrastructure, government agencies, and transportation entities. Past attacks on airlines and airports have exposed passenger names, passport details, and internal documents, raising concerns about identity fraud and phishing risks. Malaysia’s aviation sector has faced repeated cyber threats, including a 2022 ransomware attack on AirAsia by the Daixin Team and a 2020–2021 data breach at Malaysia Airlines. While the current claim lacks verification, analysts note that ransomware groups often withhold evidence during negotiations, with data dumps or public disclosures occurring only if talks fail. The incident underscores the growing vulnerability of global aviation to cyber extortion, with ransomware gangs increasingly prioritizing high-impact targets for financial gain and operational disruption.

631
critical -106
MALAIR1772151934
Incident Details -
Type
Ransomware
Motivation
Financial gain, operational disruption
Impact
Brand Reputation Impact: High Identity Theft Risk: Potential
Data Breach
Passenger names Passport details Internal documents Sensitivity Of Data: High Personally Identifiable Information: Potential
Investigation Status
['Unconfirmed']
References
Blog URL Source URL
JANUARY 2026
736
DECEMBER 2025
732
NOVEMBER 2025
731
OCTOBER 2025
730
SEPTEMBER 2025
729
AUGUST 2025
728
JULY 2025
726
JUNE 2025
725
MAY 2025
724
NOVEMBER 2022
790
Ransomware
01 Nov 2022 • AirAsia
AirAsia Group Data Breach by Daixin Ransomware

AirAsia Group was targeted by Daixin ransomware group that exposed 5M UNIQUE Passenger personal data, and all employee's personal data leaked. The exposed information includes the date of birth, country of birth, where that person is from when employed for employees and the “secret question and answer” used to secure accounts. The group claims that after encrypting its database and requesting an unspecified price to unlock it and reveal how it gained access to the network, it gave AirAsia a sample of the data. In order to avoid encrypting or destroying anything that would be life-threatening, Daixin Team stated it had avoided locking up crucial files linked to flying equipment. However, it has entirely restricted access to staff and passenger records until payment has been received.

667
critical -123
AIR1013221122
Incident Details -
Type
Ransomware
Motivation
Financial Gain
Impact
Passenger personal data Employee personal data Database
Data Breach
Personal data 5 million unique passenger personal data All employee personal data High Date of birth Country of birth Employment location Secret question and answer
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for AirAsia is 636, which corresponds to a Poor rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2026 was 636.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2026 was 737.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2026 was 736.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 732.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 731.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 730.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 729.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 728.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 726.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 725.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 724.

Over the past 12 months, the average per-incident point impact on AirAsia’s A.I Rankiteo Cyber Score has been -106.0 points.

You can access AirAsia’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/airasia.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view AirAsia’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/airasia.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.