Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
Malindo Air says third-party company in India stole data leading to breach
24 Sep 2019 12:00 am by Ben Lucas
Malaysian carrier Malindo Air has said that two former employees of a third-party e-commerce service provider in India were responsible for stealing customer data that were later found to have been leaked online.
Malindo Air confirmed on Wednesday last week that it had suffered a huge data breach that resulted in customers' names, dates of birth, mobile phone numbers and passport numbers being leaked.
The two unnamed former employees suspected of stealing the data worked for GoQuo in India. GoQuo, which is headquartered in Malaysia, provides travel booking technology for airlines, including Thai Lion Air, whose passenger data was also leaked online in the same incident.
Malindo Air and GuQuo confirmed that the matter had been reported to police forces in both Malaysia and India.
“What we can confirm is that none of our current employees are involved and the integrity of our systems are intact,” a spokesman for GuQuo told MLex in an e-mailed statement.
“GoQuo has lent its fullest support to all investigations and continues to provide uninterrupted service to all current and future clients,” the spokesman said. “Security and data integrity are a high priority to GoQuo. Each product has a standalone database to ensure segregation of client information.”
Malindo, which is a subsidiary of Indonesia’s Lion Air Group, added that it had been “working closely” with the Malaysian Personal Data Protection Commissioner and the National Cyber Security Agency, and with their foreign counterparts, in connection with the matter, and added that the data leak “has since been contained.”
“Malindo Air wishes to reiterate that this incident is not related to the security of its data architecture or that of its cloud provider Amazon Web Services. All its systems are fully secured and none of the payment details of customers were compromised due to the malicious act,” the company said in a statement late yesterday.
Malindo said it had also issued a reset of customers' passwords and told customers to be wary of any suspicious phone calls or e-mails.
“As a forward proactive measure, data forensics and cybersecurity experts have been brought in to review all the airline’s existing data infrastructure and processes,” Malindo said.
03 Jun 2021 5:20 pm by Dave PereraThe Supreme Court reversed a lower court's broad reading of the US's principal anti-hacking statute.
01 Jun 2021 2:53 pm by Matthew NewmanEuropean telecom and adtech companies should innovate in using non-personal data to advertise, rather than lobbying for lighter EU privacy rules.
05 May 2021 12:00 am by Mike SwiftThe truism that “data is the oil of the 21st Century” is due for Version 2.0. Increasingly, data is more than a commodity.