A Nine-Year-Long Data Breach was Disclosed by Malaysia Airlines
A major data breach spanned over 9 years and exposed personal information of enlisted members in the Enrich frequent flyer program.
A security breach occurred via a third-party IT service provider. The service provider notified the airline warning that data of the Enrich program was exposed to security breaches between March 2010 and June 2019.
About the Enrich flyer program
Enrich is the frequent flyer program of Malaysia Airlines. The passengers, both regular customers and companies, used their personal data in order to enter the program.
What actually happened?
On Monday, Malaysia Airlines started emailing members of their Enrich rewards program disclosing they were affected by a data breach.
According to Malaysia Airlines, the breach occurred at a third-party IT service provider who notified the airline that member data was exposed between March 2010 and June 2019.
“Malaysia Airlines was notified of a data security incident at one of its third-party IT service providers which involved some personal data of members of Enrich, Malaysia Airlines’ Frequent Flyer Programme between the period of March 2010 and June 2019. The incident did not affect Malaysia Airlines’ own IT infrastructure and systems in any way.”
The leaked member information, included member names, contact information, birthdates, gender, frequent flyer number, status and their personal rewards tier level. Nevertheless, this did not include Enrich member’s itineraries, reservations, ticketing, or any ID card or payment card information.
How can Malaysia Airlines Enrich program members remain safe at this time?
Malaysia Airlines says no passwords were exposed and there is no evidence of misuse but they recommend users should change their passwords anyway, just to be on the safe side.
At the time this news had come into our attention, it was still unknown how many Enrich members were affected by this breach.
“Malaysia Airlines has no evidence that any personal data has been misused and the incident did not disclose any account passwords,” the statement read. “We are nevertheless encouraging Enrich members to change their account passwords as a precautionary measure. The incident did not affect Malaysia Airlines’ own IT infrastructure and systems in any way.”
The first step would be to immediately login to your account and change the password, keeping in mind that if this is a password you are using for multiple services, you should change it on those platforms as well.
Handle your phone calls with care, Malaysia Airlines warned that it won’t be contacting the Enrich members in regards to any updates necessary over the phone, so if you receive a phone call that’s claiming to come from Malaysia Airlines regarding this security breach and asking for further information, you should become immediately suspicious and hang up the call as soon as possible.
This type of contact might happen, it’s pretty common for cyber attackers to use the stolen data to perform malicious activities.