Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
Malindo Air, Thai Lion Air suffer ‘huge’ data breaches
18 September 2019 00:00
Lion Air Group subsidiaries Malindo Air and Thai Lion Air have both suffered data breaches resulting in large amounts of customers' personal details being leaked online.
The leaked data included the names, dates of birth, mobile phone numbers and passport numbers of the airline’s customers, according to a report by cybersecurity start-up TechniSanct, which first discovered the breach.
“Our in-house teams, along with external data service providers Amazon Web Services (AWS) and GoQuo, our e-commerce partner, are currently investigating into this breach,” Malindo said in a press statement. “We are in the midst of notifying the various authorities both locally and abroad including CyberSecurity Malaysia,” it added.
“This is a huge amount of data,” TechniSanct CEO Nandakishore Harikumar told MLex. “Each line contains highly sensitive data,” he added.
“We believe organizations should be cautious about protecting private data even if it’s a single line of data,” Harikumar said.
According to the report, seen by MLex, four files, two belonging to Malindo Airlines and two belonging to Lion Air Thai, were leaked online. The two Malindo Air files are 1.23GB and 3.2GB in size, respectively, containing a combined 13.8 million lines of data. The two Thai Lion Air files are 3.05 GB and 7.19 GB in size, respectively, containing a total of 32.18 million lines of data. They were leaked on cloud storage and file-hosting services Mega.nz and Openload.cc. The report also found the same data dumped in forums on the mobile messaging app Telegram.
TechniSanct discovered the breach “around the 3rd or 4th of September” but the data could have been leaked earlier, possibly in August, Harikumar told MLex.
After the company confirmed that there had been a breach on Sept. 11, it contacted Malindo and its CEO, Chandran Rama Muthy. “There was no response,” said Harikumar.
Rama Muthy confirmed the breach to Harikumar, however, after details of it were published by media outlets.
MLex contacted Thai Lion Air and Lion Air Group for comment, but had received no reply from either carrier by the time this article was published.