FILE PHOTO: A crew of Malindo Air prepares a flight departure at an airport in Subang, outside Kuala Lumpur, June 3, 2013. REUTERS/Bazuki Muhammad
KUALA LUMPUR (Reuters) – Indonesian Lion Group’s Malaysian subsidiary Malindo Air said on Monday that two former employees of its e-commerce contractor were responsible for its passenger data breach.
Malindo Air made the breach public last week after Moscow-based cybersecurity firm Kaspersky Lab said in a report that the details of around 30 million passengers of Malindo and another Lion Group subsidiary Thai Lion Air were posted in online forums.
Kaspersky said parts of the leaked databases were up for sale on the dark web.
Malindo Air said in a statement that two former employees of e-commerce services provider GoQuo (M) Sdn Bhd in their development centre in India “improperly accessed and stole the personal data of our customers”.
The airline said the data breach has since been contained and the matter has been reported to the police in Malaysia and India.
Malindo Air also said the breach was not related to the security of cloud service provider Amazon Web Services’ data architecture, and none of the payment details of customers were compromised.
Reporting by Liz Lee; Editing by Muralikumar Anantharaman