Malindo CEO says customer data breach contained, reported theft to authorities

CEO Captain Mushafiz Mustafa Bakri  said as a proactive measure, data forensics and cyber security experts have been brought in to review Malindo Air’s existing data infrastructure and processes. — Picture via Facebook/ Malindo Air
CEO Captain Mushafiz Mustafa Bakri said as a proactive measure, data forensics and cyber security experts have been brought in to review Malindo Air’s existing data infrastructure and processes. — Picture via Facebook/ Malindo Air

KUALA LUMPUR, Sept 27 — Low-cost airline Malindo Air said the recent data breach affecting the personal data of its customers has been fully contained. 

Its chief executive officer Captain Mushafiz Mustafa Bakri also said the matter has been reported to the police here and in India, after findings revealed two former employees of Malindo’s e-commerce services provider GoQuo (M) Sdn Bhd improperly accessed and stole the data from its development centre in India.

“We wish to reiterate that this incident is not related to the security of our data architecture or that of our cloud provider Amazon Web Services. 

“All Malindo Air systems are fully secured and none of the payment details of customers were compromised due to the malicious act,” he said in a statement.

Mushafiz said as a proactive measure, data forensics and cyber security experts have been brought in to review Malindo Air’s existing data infrastructure and processes.

“We have been working closely with all relevant agencies including the Malaysian Personal Data Protection Commissioners, the National Cyber Security Agency, as well as their counterparts abroad.

“Malindo has also initiated auto-reset of all customer passwords and would like to caution our customers to be wary of any suspicious and unsolicited calls and/or emails,” he said, adding that those who require further assistance can reach out to the airline.

The breach, which occurred last week, exposed information including customers’ full names, contact numbers, email addresses, and even their passport numbers with expiration dates. The data was uploaded in an open Amazon web services bucket.

It was reported that the data dump had also been shared on other platforms, including instant messaging service Telegram, and cloud storage and file hosting services such as openload.cc and mega.nz.

Related Articles