Malindo Air says third-party company in India stole data leading to breach
24 Sep 2019 12:00 am by Ben Lucas
Malaysian carrier Malindo Air has said that two former employees of a third-party e-commerce service provider in India were responsible for stealing customer data that were later found to have been leaked online.
Malindo Air confirmed on Wednesday last week that it had suffered a huge data breach that resulted in customers' names, dates of birth, mobile phone numbers and passport numbers being leaked.
The two unnamed former employees suspected of stealing the data worked for GoQuo in India. GoQuo, which is headquartered in Malaysia, provides travel booking technology for airlines, including Thai Lion Air, whose passenger data was also leaked online in the same incident.
Malindo Air and GuQuo confirmed that the matter had been reported to police forces in both Malaysia and India.
“What we can confirm is that none of our current employees are involved and the integrity of our systems are intact,” a spokesman for GuQuo told MLex in an e-mailed statement.
“GoQuo has lent its fullest support to all investigations and continues to provide uninterrupted service to all current and future clients,” the spokesman said. “Security and data integrity are a high priority to GoQuo. Each product has a standalone database to ensure segregation of client information.”
Malindo, which is a subsidiary of Indonesia’s Lion Air Group, added that it had been “working closely” with the Malaysian Personal Data Protection Commissioner and the National Cyber Security Agency, and with their foreign counterparts, in connection with the matter, and added that the data leak “has since been contained.”
“Malindo Air wishes to reiterate that this incident is not related to the security of its data architecture or that of its cloud provider Amazon Web Services. All its systems are fully secured and none of the payment details of customers were compromised due to the malicious act,” the company said in a statement late yesterday.
Malindo said it had also issued a reset of customers' passwords and told customers to be wary of any suspicious phone calls or e-mails.
“As a forward proactive measure, data forensics and cybersecurity experts have been brought in to review all the airline’s existing data infrastructure and processes,” Malindo said.
03 Aug 2020 9:29 pm by Ana Paula CandilCompanies are pressuring Brazilian lawmakers to delay implementation of the nation's data-protection law from Aug. 16 until next May.
Biggest cyberattack ever caused $15 billion loss to customers of companies directly hit, though banks softened impact, study says31 Jul 2020 12:00 pm by Neil RolandThe most damaging cyberattack ever in 2017, caused a $15 billion loss to customers of companies directly hit, a federal study said.
International companies more prepared than local companies for Brazilian data protection law, Alves says30 Jul 2020 11:00 am by Ana Paula CandilInternational companies are much more prepared for Brazil's new data protection law than Brazilian firms because they already comply with similar legislation.