Malindo Air has recently undergone a massive data system breach that has resulted in millions of passengers having their personal information leaked onto a data exchange forum just last month.
Malindo Air CEO, Chandran Rama Muthy, told South China Morning Post yesterday that:
“We found out about this breach last week. We and a third party vendor are checking as we speak, and will come up with a statement soon.”
According to Malay Mail, the customer data that was leaked reportedly included vital personal information of passengers such as passport details, telephone numbers and home addresses. As of now, the exact number of customers affected by this breach remains unknown.
Files that were titled, “Passenger details” or “passengers” were stored in an open Amazon web services bucket which anybody can access to because it is a public cloud storage resource.
These files contain sensitive data on customers such as full names, home addresses, email addresses, dates of birth, phone numbers, passport numbers and expiration dates.
However, Malindo Air isn’t the only airline that had its information leaked. Four files, two of which belong to Malindo and the other two, belonging to Thai Lion Air, were uploaded by an online operator of a dark web site known as “Spectre”.
The data was reportedly circulated on the messaging app, Telegram, and on cloud storage and file-hosting services like mega.nz and openload.cc.
The airline is reportedly now carrying out a thorough investigation into the matter and have already reached out to Malaysian Communications and Multimedia Commission (MCMC) on Tuesday.
Malindo Air released another statement later that day saying:
“Some personal data concerning our passengers hosted on a cloud-based environment may have been compromised.”
However, Chandran reassures regular Malindo Air fliers that the airline will engage an independent cybersecurity firm for a full forensic analysis on the leak. The CEO also says that customer payment details were not stored in the affected servers.
Batik Air, another Jakarta based Lion Air subsidary and Malindo’s Indonesian parent company, Lion Air, has also reported to be affected by this breach.
Also read: 38yo Man Makes Fake Bomb Threat at Penang Airport to Delay GF’s Flight to Indonesia