The personal data of millions of air travellers are believed to have been compromised, following a data breach at Malaysia’s Malindo Air and the carrier’s Indonesian parent group, Lion Air, last month.
The leak saw huge swathes of personal and private details being exposed on the flora exchange in August of this year, an incident which was confirmed by Malindo Air’s CEO, Chandran Rama Muthy, and first reported by the South China Morning Post (SCMP) today.
“We found out about this breach last week. We and a third-party vendor are checking as we speak, and will come up with a statement soon. We will advise passengers accordingly as per the investigation outcome.”
The data leak is believed to have compromised information such as passport details, residential addresses and the mobile phone numbers of travellers, but a precise number of victims has not yet been calculated.
Chandran described how the airline has begun an internal investigation to explore the data breach further. The data breach has also been reported to the Malaysian Communications and Multimedia Commission (MCMC).
Chandran also said that the breached carrier, Malindo Air, is set to conduct a full cyber-security audit and put together a full forensic analysis on the leak. Local media reported that files of passengers who use the airlines were uploaded and stored in an open Amazon Web Services bucket.
SCMP says that the files, which bore the title “Passenger Details”, held full names, home addresses, dates of birth, travellers’ phone numbers, passport numbers and passport expiration dates.
Two files belonging to Malindo Airlines and two belonging to Thai Lion Air were placed online by an entity known as “Spectre” – a person or group associated with a dark web domain where the underworld can download links to access leaked data.
According to SCMP, the data dump was shared on instant messaging service Telegram, and placed on cloud storage and file-hosting services such as mega.nz and openload.cc. It is reported that Batik Air, a further Jakarta-based subsidiary of Lion Air, has also been affected by the breach.
The post #privacy: Traveller data exposed in Malaysian airline data breach appeared first on PrivSec Report.