KUALA LUMPUR (Sept 23): Malindo Air said today a former employee of its e-commerce service provider was responsible for its recent passenger data breach.
The former employee of GoQuo (M) Sdn Bhd at the firm's development centre in India had "improperly accessed and stole the personal data of our customers", said Malindo Air.
The matter has been reported to the police both in Malaysia and India, the carrier said in a statement.
"Malindo Air has been working closely with all the relevant agencies including the Malaysian Personal Data Protection Commissioners and the National Cyber Security Agency as well as their counterparts overseas," the airline said.
The data exposure has since been contained, it said, adding the incident is not related to the security of its data architecture or that of its cloud provider Amazon Web Services.
"All its systems are fully secured and none of the payment details of customers were compromised due to the malicious act.
"As a forward proactive measure, data forensics and cyber security experts have been brought in to review all the airline's existing data infrastructure and processes," said Malindo Air.
Malindo Air's chief executive officer Chandran Rama Murthy had disclosed the data leak on Sept 18.
According to a report in the South China Morning Post following the disclosure, personal data of passengers who flew with Thai Lion Air and Malindo Air — both subsidiaries of Indonesia's Lion Air — were released online by 'Spectre', which runs a darkweb site that publishes links to download leaked data and hacked databases.
The breach was discovered by Indian cybersecurity firm Technisanct while it was running a data safety operation for a client.