Personal data of Malaysia Airlines' Enrich members reportedly leaked over 9 years

Malaysia Airlines' (MAB) Enrich frequent flyer programme has notified users to change their passwords after a data security incident at one of its third-party IT service providers. Some personal data of Enrich members were comprised during the incident which occurred between March 2010 and June 2019, multiple media outlets including The Star reported.

According to MAB in an email, among the list of personal data compromised include Enrich member names, date of birth, contact details, gender, frequent flyer number, frequent flyer status and frequent flyer tier level, The Star reported. Information about itineraries, ticketing, reservations or payment card information were not compromised.

Despite this, the airline said it "has no evidence" that any personal data has been misused and no passwords were comprised during the incident. The airline's IT infrastructure and systems remain unaffected. However, members were encouraged to change their passwords as a precautionary measure, The Star said. The airline added that it would not be contacting members concerning the updating of their information via telephone. A+M has reached out to MAB for comment.

Separately, Singapore telco Singtel reported last month that personal information of about 129,000 Singtel customers were leaked following a recent breach on a third-party file sharing system. The information comprised a combination of name, date of birth, mobile number, and address. Its core operations and functions, however, remained unaffected and sound and group CEO Yuen Kuan Moon clarified that the incident involves a standalone system provided by a third-party vendor.

Meanwhile over the past few years, airlines including Malindo Air and Singapore Airlines have seen its customer data being compromised. The data breach for Malindo Air occurred in 2019 and saw the personal data of some of its passengers hosted on a cloud-based environment being compromised. That same year, SIA said a software bug on its website disclosed approximately 280 KrisFlyer members' details. In 278 of these cases, personal details such as name, email address, account number, membership tier status, total KrisFlyer miles, recent miles transactions, upcoming flights and KrisFlyer rewards were potentially exposed.

A+Ms Content 360 Week is back from 6 to 8 April this year! Super charge your content production, distribution and monetisation strategies by learning from brands such as NBA Asia, P&G, Malaysia Airlines, and Marriott International, among others. Sign up today!

Related articles:
Malaysia Airlines unveils new boarding music with traditional elements to play on brand identity
Malaysia Airlines wheels out incentives under Cuti-Cuti campaign to push domestic travel
Personal info of about 129k Singtel customers leaked in data breach
Analysis: Why RedMart SG's data breach is unlikely to dampen Lazada's mega 11.11 bash
Analysis: PR rule book amidst a data breach
COURTS slapped with SG$9,000 fine for data breach