It was reported last week that Lion Air and its Malaysian subsidiary, Malindo Air, have been hit by a data breach. As a result, passenger details including phone numbers, addresses and passport information have been leaked onto data exchange forums.
The airline has updated that the data exposure has been contained and they have traced the source to two former employees of its e-commerce service provider, GoQuo (M) Sdn Bhd. According to Malindo Air’s statement, the suspects formerly from GoQuo’s development centre in India have improperly accessed and stolen personal data of Malindo customers, and the matter has been reported to the police in both Malaysia and India.
Malindo Air has been working closely with the authorities and relevant agencies such as the Malaysian Personal Data Protection Commissioners and the National Cyber Security Agency (NACSA) as well as their counterpart overseas. They added that the data breach is not related to the security of its data architecture or that of its cloud provider, Amazon Web Services. They emphasised that their systems are fully secured and none of the payment details of customers was compromised due to the malicious act. Nevertheless, they are taking extra proactive measures which including bringing in data forensics and cybersecurity experts to review their existing infrastructure.
Malindo Air has also started to auto-reset all customer passwords and issued a reminder to customers to be wary of any suspicious calls and emails.