The information left unsecured in online databases includes names, email addresses, phone numbers, physical addresses, passport numbers, passport expiration dates, dates of birth, and passenger and reservation IDs.
Data leaked nearly a month ago
The exact date on when the data was made available on forums is not clear, but it has been observed that data exchange forums published the link to the open AWS bucket on August 10.
The breach was officially confirmed by Malindo Air CEO Chandran Rama Muthy, who said that the airline has initiated internal investigations and reached out to the Malaysian Communications and Multimedia Commission (MCMC) on Tuesday.
He told South China Morning Post, “We found out about this breach last week. We and a third party vendor are checking as we speak, and will come up with a statement soon. We will advise passengers accordingly as per the investigation outcome.”
He also said that the number of passengers whose data was compromised is still unknown. Chandran added that Malindo Air would be hiring an independent cybersecurity firm to analyze the nature of the leak.