TheJakartaPost

Please Update your browser

Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.

Jakarta Post

Lion Air leak puts data protection in spotlight

The data breach laid bare at least 35 million customers’ passport details, home addresses and phone numbers in the digital wilderness, effectively rendering them vulnerable to various kinds of cybercrime, including identity theft. Malindo Air confirmed the data breach in a statement on Wednesday.

Rizki Fachriansyah (The Jakarta Post)
Premium
Jakarta
Thu, September 19, 2019

Share This Article

Change Size

Lion Air leak puts data protection in spotlight Lion Air aircraft at Soekarno-Hatta International Airport in Tangerang, Banten. (JP/Ricky Yudhistira)

W

ith all due respect to the affected passengers, the data leak affecting tens of millions of Lion Air Group customers could not have occurred at a better time: right when the government is planning to relax rules on data centers in a move that has sparked a fair amount of debate on data protection.

Passengers of the group’s subsidiaries Batik Air, Malaysia-based Malindo Air and Thailand-based Thai Lion Air had their personal details stolen and posted online last month, according to a cybersecurity research collective.

The data breach laid bare at least 35 million customers’ passport details, home addresses and phone numbers in the digital wilderness, effectively rendering them vulnerable to various kinds of cybercrime, including identity theft. Malindo Air confirmed the data breach in a statement on Wednesday.

The breach was discovered earlier this month by online cybersecurity intelligence collective Under the Breach, which goes by the Twitter handle @underthebreach. The collective posted censored screenshots of Thai Lion Air’s internal data in a brief Twitter thread, showing the sheer scale of the data theft.

“Hacker dumps @lionairthai’s customer and flight database. First database has 21 million records, which include passenger ID, reservation ID, customer address, phone number and email,” @underthebreach tweeted on Sept. 12. “Second database has 14 million records, which include the name, date of birth, phone number, passport number and passport expiration date.”

In an email interview with The Jakarta Post, the collective said a member of online database leak forum raidforums.com posted on Aug. 12 a host of private information, including those associated with Batik Air, Malindo Air and Thai Lion Air in a thread titled “Bangkok airline”.

They said that, although the link to the files had been removed from the forum, backups of the airlines’ internal files were still available for download on file-sharing website pastebin.com. The files contained multiple references to Batik Air, Malindo Air and Thai Lion Air dating back to 2015. Several files were named “PaymentGateway”, in reference to airline customers’ payment information.

to Read Full Story

We accept

TJP - Visa
TJP - Mastercard
TJP - GoPay
{

Your Opinion Counts

Your thoughts matter - share your experiences, suggestions, and any issues you've encountered on The Jakarta Post. We're here to listen.

Enter at least 30 characters
0 / 30

Thank You

Thank you for sharing your thoughts. We appreciate your feedback.