Malindo confirms charges against it over data breach

The airline company says the charges against it are without merit. (Bernama pic)

PETALING JAYA: Malindo Air has confirmed that it was charged earlier this month over a data breach involving the personal details of its passengers, adding that it has pleaded not guilty.

The airline company said it was challenging the nature of the charges against it, stressing that it had consistently acted professionally in handling the issue.

“Coincidentally too, the court reprimanded the prosecution for one of the charges that was vaguely drafted. This was then orally amended by the prosecution.

“We believe that the charges against us are without merit and we intend to defend our position,” it said in a statement today.

Malindo maintained that it had fully cooperated with the relevant investigating agencies in Malaysia and internationally, adding that it had constantly updated the authorities and passengers on the matter.

It stressed that no payment and card details were leaked and that practical measures were taken to ensure customers’ personal data were protected.

A source close to the matter had told FMT that the airline company claimed trial under the Personal Data Protection Act at the Sessions Court in Kuala Lumpur, with the case fixed for mention on March 9.

In September last year, it was reported that details of around 30 million passengers of Malindo and fellow Lion Group subsidiary, Thai Lion Air, were posted in online forums.

According to Moscow-based cybersecurity firm Kaspersky Lab, the leaked information included passengers’ passport details, addresses and phone numbers.

The files were uploaded and stored in an open Amazon Web Services (AWS) bucket, a public cloud storage resource. AWS is an external data service provider for Malindo.

Kaspersky said parts of the leaked database were up for sale on the Dark Web.

Malindo Air later blamed two former employees of its e-commerce contractor for the data leak.