An authoritative Kenya Airways (KQ) source who does not wish to be identified has confirmed that there was a cyber security incident last month. A hacker tried to access the airline’s systems but only managed to obtain limited information that included some identity documents, telephone numbers, investigation reports and email addresses.
The hackers demanded ransom from Kenya Airways which was declined. The Office of Data Protection Commissioner (ODPC) was made aware of the incident in line with the transparency policy and the Data Protection Act protocols. Additionally, the data subjects, whose limited information was accessed were contacted and engaged.
Kenya Airways staff named ‘Best Airline Staff in Africa’
Information in the public domain reveals several carriers and aviation installations have experienced some form of cyber-attack recently. The following are some of these attacks starting with the most recent:
1. December 2023 Qatar Airways data breach with more than 400GB of data that included passenger manifests and security protocols decrypted by hackers.
2. November 2023, Gulf Air reported a data breach
3. November 2023 Spain’s Air Europa experienced a cyber-attack on its payment system, resulting in the exposure of certain customer credit card details.
4. November 2023 Scandinavian Airlines (SAS) was hit by a cyberattack, knocking its website offline and leaking customer data from its mobile app.
5. September 2023 Canada’s largest airline disclosed a data breach involving employee information.
6. May 2023 a data breach at Pilot Credentials led to the theft of personal details from thousands of pilot applicants for American Airlines and Southwest Airlines.
The Kenya Airways source confirms that there was no unauthorized access to KQ’s booking system and zero impact on the airline’s operations. The airline’s technology security professionals have taken the necessary precautions and are collaborating with national security agencies to ensure that all protocols are followed.