KUALA LUMPUR: Malaysia’s Malindo Air, a subsidiary of Indonesia’s Lion Group, said on Wednesday it was investigating a data breach involving the personal details of its passengers.
Malindo Air’s statement followed a report by Moscow-based cybersecurity firm Kaspersky Lab that the details of around 30 million passengers of Malindo and fellow Lion Group subsidiary Thai Lion Air were posted in online forums.
The report said the leaked information included passengers’ passport details, addresses and phone numbers.
Malindo Air said it was notifying authorities internationally about the incident and advised customers with online frequent flyer accounts to change their passwords.
It declined to provide more detail on its investigation, including how many customers were affected, but said it did not store any customer payment details on its servers.
“We are in the midst of notifying the various authorities both locally and abroad including CyberSecurity Malaysia,” it said in a statement.
“Malindo Air is also engaging with independent cybercrime consultants to investigate and report into this incident.”
The files were uploaded and stored in an open Amazon Web Services (AWS) bucket, a public cloud storage resource. AWS, which is an external data service provider for Malindo, was not immediately available for comment.
Kaspersky said parts of the leaked databases were up for sale on the dark web. – Agencies