04 March 21, 16:46
Quote:Malaysia Airlines sent out an email to frequent flyer program members assuring them that there’s “no evidence” their personal data has been misused in the wake of a supply-chain attack via a third-party vendor. However, experts think that’s unlikely. And, they say the repercussions could be significant.
Malaysia Airlines’ frequent flyer program, Enrich, was breached sometime around March 2010 — and remained exposed until June 2019, leaving thousands of members’ personal data, including name, date of birth, gender, contact information, ID number, status and tier level unprotected, an email sent out to members from the company said.
Malaysia Airlines hasn’t released a formal statement, but its official Twitter account @MAS offered some explanation in a Mar. 1 response to a user, linking to news of the breach.
“…The data security incident occurred at our third-party IT service provider and not Malaysia Airlines’ computer systems.” the airline’s account responded. “However, the airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”
A subsequent tweet from the airline added, “Kindly note that Malaysia Airlines has no evidence that the incident affected any account passwords. We nevertheless encourage members to change their passwords as a precautionary measure.”
Read more: https://threatpost.com/malaysia-air-down...ch/164472/