Malindo Air confirms data breach, exposing millions of passengers’ personal data
- Information including passport details, home addresses and phone numbers were leaked onto data exchange forums last month
- Malindo, a subsidiary of Lion Air, operates from two airports in Kuala Lumpur and has a network of about 40 routes across the region
“We found out about this breach last week. We and a third party vendor are checking as we speak, and will come up with a statement soon. We will advise passengers accordingly as per the investigation outcome,” he told the South China Morning Post, adding that it was yet unknown how many passengers’ details had been leaked.
Chandran said Malindo Air would also be hiring an independent cybersecurity firm to do a full forensic analysis into the nature of the leak. “This is a very serious offence.”
In the statement released later that day, Malindo Air admitted “some personal data concerning our passengers hosted on a cloud-based environment may have been compromised”. It said that an in-house team, along with external data service providers Amazon Web Services and e-commerce partner GoQuo, was investigating the breach.
The carrier also said customer payment details were not stored in the affected servers, and that the airline was in the midst of notifying the various relevant authorities both locally and abroad, including national cybersecurity specialist agency CyberSecurity Malaysia.
