Malaysia Airlines suffers data security 'incident' spanning nine years
Malaysia Airlines has suffered a data security "incident" that compromised personal information belonging to members of its frequent flyer programme, Enrich. The breach is purported to have occurred at some point during a period that spans almost a decade and involves a third-party IT service provider.
The airline had sent out an emailer to Enrich members this week, stating it was notified of a "data security incident" at the third-party IT supplier. The breach involved "some personal data" and occurred some time between March 2010 and June 2019, it said, adding that these details included members' name, date of birth, contact information, and various frequent flyer data such as number, status, and tier level.
Travel data such as itineraries, reservations, ticketing, and ID card, as well as payment details were not compromised, according to Malaysia Airlines. Its own IT infrastructure or systems also were not affected, the carrier said. It noted that there was "no evidence" any personal data had been misused and the breach did not expose any account passwords, though, it urged Enrich members to change their passwords as a precaution. The airline also directed customers to pose any queries they might have directly via email to its data privacy officer.