Malaysian premium airline Malindo Air, a subsidiary of Indonesia’s Lion Group, announced Wednesday, Sept 18, it has suffered from a massive data breach that had exposed the personal details of millions of its passengers.
According to a report from the South China Morning Post, the airline is currently investigating following the security incident that had exposed the passport details, home addresses, and phone numbers of their customers.
“We found out about this breach last week. We and a third party vendor are checking as we speak and will come up with a statement soon. We will advise passengers accordingly as per the investigation outcome,” said Malindo Air CEO Chandran Rama Muthy to SCMP.
To date, the number of affected customers is still unknown, however, the company assured they have already notified local and international authorities, including the Malaysian Communications and Multimedia Commission (MCMC) and CyberSecurity Malaysia.
Moreover, the airline announced they are set to hire an independent cybersecurity firm to further their investigation on the nature of the leak.
In an interview with SCMP, CEO Chandran confirmed that some personal data of the passengers may have been compromised given that the files of passengers who flew with Thai Lion Air and Malindo Air have been uploaded and stored in an open Amazon Web Services (AWS) bucket. Furthermore, parts of the leaked databases were said to be up for sale on the Dark Web.
“While assessing a few of them we found that Spectre’s website had a new dump which belonged to Malindo Airlines. We accessed the dump, verified the data and understood that it contained sensitive information. We assessed the severity and tried to understand where all the data was on sale,” quoted the South China Morning Post from cybersecurity expert Nandakishore Harikumar, CEO of Indian cybersecurity start-up Technisanct.
Malindo Air is a Malaysian airline under the Indonesia-based Lion Air Group. Today, the airline operates with a network of about 40 routes across the region and conducts over 800 flights each week.
Its current CEO, Chandran Rama Muthy, is set to exit the company later this month. He will be replaced by the current director of safety, security, and quality at Thai Lion Air, Mushafiz Mustafa Bakri.
To date, Malindo Air is continuing its investigation with the help of the authorities and cybersecurity experts. It also advises customers with online frequent flyer accounts to change their passwords immediately to avoid further damages caused by the breach.