Malaysia Airlines has begun notifying customers via e-mail regarding a data security incident that involves members of its frequent flyer program, Enrich. It is not known how many customers are affected by the incident although the duration of the incident was quite significant.
Specifically, the incident involved a period of nine years – between March 2010 and June 2019 – according to the e-mail that the airline has sent to affected customers. It also said that the incident took place at one of Malaysia Airlines’ third-party IT service providers and did not affect the carrier’s own IT infrastructure as well as system.
Among personal data involved in the incident includes member names, date of birth, gender, and contact details as well as Enrich card number, status and tier level. However, flight itineraries, reservations, ticketing, ID card, and payment card were not part of the data breach.
Malaysia Airlines also stated that there is no evidence so far that suggests the information involved in the data incident has been used elsewhere. Additionally, even though account passwords were not part of the breach, the carrier recommends all Enrich members to change their passwords anyway and has warned them that Malaysia Airlines will never ask customers to update their details via a telephone call.
Curious enough, Malaysia Airlines didn’t widely disclose this data incident through its official website, Facebook, or Twitter at the time this article was published. We certainly should not ignore the fact that the data breach involved a period of nine years which is quite significant and this warrants a public announcement to all Malaysia Airlines’ customers.