Malindo Air, Thai Lion Air suffer ‘huge’ data breaches
18 Sep 2019 12:00 am by Ben Lucas
Lion Air Group subsidiaries Malindo Air and Thai Lion Air have both suffered data breaches resulting in large amounts of customers' personal details being leaked online.
The leaked data included the names, dates of birth, mobile phone numbers and passport numbers of the airline’s customers, according to a report by cybersecurity start-up TechniSanct, which first discovered the breach.
“Our in-house teams, along with external data service providers Amazon Web Services (AWS) and GoQuo, our e-commerce partner, are currently investigating into this breach,” Malindo said in a press statement. “We are in the midst of notifying the various authorities both locally and abroad including CyberSecurity Malaysia,” it added.
“This is a huge amount of data,” TechniSanct CEO Nandakishore Harikumar told MLex. “Each line contains highly sensitive data,” he added.
“We believe organizations should be cautious about protecting private data even if it’s a single line of data,” Harikumar said.
According to the report, seen by MLex, four files, two belonging to Malindo Airlines and two belonging to Lion Air Thai, were leaked online. The two Malindo Air files are 1.23GB and 3.2GB in size, respectively, containing a combined 13.8 million lines of data. The two Thai Lion Air files are 3.05 GB and 7.19 GB in size, respectively, containing a total of 32.18 million lines of data. They were leaked on cloud storage and file-hosting services Mega.nz and Openload.cc. The report also found the same data dumped in forums on the mobile messaging app Telegram.
TechniSanct discovered the breach “around the 3rd or 4th of September” but the data could have been leaked earlier, possibly in August, Harikumar told MLex.
After the company confirmed that there had been a breach on Sept. 11, it contacted Malindo and its CEO, Chandran Rama Muthy. “There was no response,” said Harikumar.
Rama Muthy confirmed the breach to Harikumar, however, after details of it were published by media outlets.
MLex contacted Thai Lion Air and Lion Air Group for comment, but had received no reply from either carrier by the time this article was published.
03 Aug 2020 9:29 pm by Ana Paula CandilCompanies are pressuring Brazilian lawmakers to delay implementation of the nation's data-protection law from Aug. 16 until next May.
Biggest cyberattack ever caused $15 billion loss to customers of companies directly hit, though banks softened impact, study says31 Jul 2020 12:00 pm by Neil RolandThe most damaging cyberattack ever in 2017, caused a $15 billion loss to customers of companies directly hit, a federal study said.
International companies more prepared than local companies for Brazilian data protection law, Alves says30 Jul 2020 11:00 am by Ana Paula CandilInternational companies are much more prepared for Brazil's new data protection law than Brazilian firms because they already comply with similar legislation.