Malindo Air says massive data breach was caused by former staff at contractor in India

Passengers’ names, home addresses, email addresses, dates of birth, phone numbers and passport numbers were made public in the massive data leak

The Lion Air subsidiary says the breach, which also affected Thai Lion Air, has been contained

Reading Time:2 minutes

Published: 8:12pm, 23 Sep 2019Updated: 8:18pm, 23 Sep 2019

A massive data breach at Indonesian airline Lion Air that affected millions of customers was the fault of staff at an e-commerce contractor in India, the airline’s Malaysia subsidiary said on Monday.

Malindo Air made the breach public last week after Moscow-based cybersecurity firm Kaspersky Lab said in a report that the details of around 30 million passengers of Malindo and another Lion Group subsidiary Thai Lion Air were posted in online forums.

Kaspersky said parts of the leaked databases were up for sale on the dark web.

Malindo Air said in a statement that two former employees of e-commerce services provider GoQuo (M) Sdn Bhd in their development centre in India “improperly accessed and stole the personal data of our customers”.

The airline said the data breach has since been contained and the matter has been reported to the police in Malaysia and India.

An auto-reset of all customer passwords has been carried out and security experts have been brought in to review the airline’s data systems.

Malindo Air also said the breach was not related to the security of cloud service provider Amazon Web Services’ data architecture, and none of the payment details of customers were compromised.

Select Voice

Choose your listening speed

Get through articles 2x faster

1.25x

250 WPM

Slow

Average

Fast

00:0000:00

1.25x