“As a result of the findings, two former employees of [Malindo Air’s] e-commerce services provider, GoQuo Sdn Bhd in its development center in India, had improperly accessed and stolen the personal data of our customers. The matter has been reported to the police, both in Malaysia and India,” the airlines wrote in a statement on Monday.

The company said it had been working closely with all the relevant agencies, including the Malaysian Personal Data Protection Commissioners, National Cyber Security Agency (NACSA), as well as their counterparts overseas.

“Malindo Air is pleased to advise that the data exposure has since been contained,” it added. “Malindo Air wishes to reiterate that this incident is not related to the security of its data architecture or that of its cloud provider Amazon Web Services. All its systems are fully secured and none of the payment details of customers were compromised due to the malicious act."

Read also: Lion Air leak puts data protection in spotlight

Passengers of Batik Air, Malindo Air and Thai Lion Air were shocked when they discovered that their personal details had been posted online sometime in August, according to a cybersecurity research collective, making them vulnerable to various kinds of cybercrime, including identity theft.

The breach was discovered earlier this month by online cybersecurity intelligence collective Under the Breach, which goes by the Twitter handle @underthebreach. The collective posted censored screenshots of Thai Lion Air’s internal data in a brief Twitter thread, showing the sheer scale of the data theft.

Popular

Malaysia says China ready to sign SEA nuclear weapons-free treaty

Solving the development crisis with quality finance

Java airports grounded by low demand, poor planning