Data Breach: Kenya Airways Hacked, Sensitive And Confidential Files Leaked

Kenya Airways appears to have been hit by a cyberattack by Ransomexx ransomware group on December 30, 2023 leading to a massive data leak including highly sensitive and confidential data that they uploaded on the dark internet.

The airline, which plays a crucial role in connecting African nations to the rest of the globe, now suffers the aftermath of a targeted cyberattack that has exposed sensitive information, posing significant challenges to its operations and reputation.

The data leak allegedly started when Kenya Airways fell victim to a sophisticated cybercriminal attack by the Ransomexx group. These hackers are notorious for targeting various organisations worldwide.

Documents leaked cover aircraft accidents, investigation reports into employee misconduct like fraud, theft, policy violations.

A huge volume of internal Kenya Airways data compromised including; insurance policies, confidential agreements, passwords, customer complaints, alleged sexual harassment incidents. The exposed files also contain files relating to accidents, as such documents were named ‘Accident docs’, ‘Accident investigations’, ‘Accidents’, ‘Air Accident Investigations’, and ‘Investigation Reports.’

The leak also contains details of politically exposed people. This has dealt a blow to Kenya Airways for failing to secure the safety of customers data and exposing the airline to cybercriminals. This breach also could enable theft and fraud from the employees and customers leaked data.

Last year in April, retail chain Naivas was hit with a similar cybersecurity breach that resulted in the exposure of crucial customer data. According to the government, the criminal group was able to transfer 611 GB of personal data.

Naivas attackers obtained information from their customer loyalty program. The data illegally transferred had names, phone numbers, and email addresses.

According to set laws, a cyber-attack of this kind must be reported within 72 hours of discovery. However, Naivas failed to follow the set law and did not report. As a result, Data Commissioner Immaculate Kassait said the local supermarket chain was be fined up to KES 5 Million.

It also remains unclear whether Kenya Airways has also informed the Office of the Data Protection Commissioner Kenya of the incident.

What Are Ransomware Attacks?

Ransomware is a type of malware designed to deny an individual or an organization access to their files. Attackers gain access to the files on a computer or shared server and encrypt them, denying a user or organization access to their data. They then demand a ransom payment in exchange for the decryption key, with the payment often made through cryptocurrency. In some cases, such as the Naivas and KQ ransomware attacks, they include an element of  data theft – providing greater incentive for victims to pay the ransom. In a previous Kenya Airport Authority (KAA) attack, the attackers demanded Ksh67.6 million while threatening to release the data, but KAA termed the data breach insignificant while failing to pay up.

Ransomware today is one of most prominent types of malware. Across the world, attackers are targeting organizations including dating apps, ecommerce platforms, hospitals, insurers and medical companies and holding sensitive data hostage.

Kenya National Bureau of Statistics (KNBS) data indicates that cybersecurity advisories issued to companies increased by 3,693 percent from 81,727 in 2020 to 3.1 million advisories in 2021. The adoption of improved detection technology played a part.

Total cyber threats rose by 142 percent from 139.1 million to 339.1 million over the same period. Of the cyber threats reported, system vulnerabilities rose from from 114,675 in 2020 to 58 million in 2021. Reported Botnet/DDOs threats also increased from 4.1 million in 2020 to 92.1 million in 2021.

The consistent increase in attacks has been attributed to the growing number of cyber threat actors such as hacktivists, state-sponsored groups, organized cybercriminals, and cyber terrorists.