UPDATE: Data Breach
Malindo Air has released a statement confirming that this incident has been investigated and data exposure has been contained. The breach was traced to a former employee of its e-commerce services provider, GoQuo (M) Sdn Bhd in their development centre in India who improperly accessed and stole customer personal data. The matter has been reported to the police in Malaysia and India.
Malindo Air has worked closely with all relevant agencies and their overseas counterparts.
This includes the Malaysian Personal Data Protection Commissioners and the National Cyber Security Agency (NACSA).
The airline confirms that this incident is not related to the security of its data architecture or that of its cloud provider Amazon Web Services. All its systems are fully secured and no payment details of customers were compromised. They are now reviewing all the airline’s existing data infrastructure and processes with the assistance of data forensics and cyber security experts.
Malindo Air has also initiated auto-reset of all customer passwords and warns customers to be wary of any suspicious and unsolicited calls and emails. Contact [email protected] for further assistance.
Malindo Airways Sdn Bhd has advised of a possible data breach relating to passengers’ personal data. The airline assured passengers on 18th September 2019, that they have taken adequate measures to ensure that passenger data is not compromised. This is in line with the Malaysian Personal Data Protection Act 2010.
They also noted that:
….. We also do not store any payment details of our customers in our servers and are compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).
The statement also confirmed that the data is hosted on a cloud based environment. Their in-house teams are working with external data service providers, Amazon Web Services (AWS) and GoQuo, their e-commerce partner to investigate the breach.
Data breach response
Malindo Air has notified the relevant authorities both locally and abroad, including CyberSecurity Malaysia. One online portal has suggested that information including passport details, home addresses and phone numbers were leaked onto data exchange forums in August 2019. The airline has engaged independent cyber-crime consultants to investigate and report on the data breach.
Do you have a Malindo Miles account?
As a precautionary measure, you should change your password, especially if you use it for other services online. Malindo Air will provide further updates through their website, mobile and social media platforms.
You can also contact their
- Customer Care at [email protected] or
- Call Centre at (60)3-7841 5388 from 9am to 9pm daily.