PETALING JAYA: The personal data of 45 million Malindo Air customers, leaked in a data breach in 2019, has allegedly resurfaced on an online forum.
The database was made available on Sept 3, with the uploader alleging it includes email and physical addresses, dates of birth, passport numbers and the phone numbers of the airline’s customers.
A quick check revealed that not all 45 million entries in the database are legitimate, as it contains both dummy data and duplicated entries.
A user on the forum also claimed to be in possession of files containing the passenger ID, full names, emergency contact, nationality, along with passport issue and expiry dates but has yet to upload this database.
Malindo Air, which has rebranded itself as Batik Air, has yet to issue a statement on the authenticity of the claims.
The original data leak was discovered in 2019 after cybersecurity firm Kaspersky alerted users in Malaysia and Thailand that the personal info of 45 million passengers of Malindo Air and Thai Lion Air – both subsidiaries of the Lion Air Group – had been posted online with parts of the database being offered for sale.
The leak was acknowledged by the airline. In a statement, it said its findings revealed that “two former employees of its ecommerce services provider, GoQuo (M) Sdn Bhd in their development centre in India had improperly accessed and stole the personal data of our customers”.
At the time, Malindo said that the leak had been contained, without any of the payment details of customers being compromised.