Flag carrier Malaysia Airlines has started sending out emails to customers warning them about a data security incident that includes members of its prevalent flyer program, Enrich. It’s unknown how many customers are affected by this incident. However, the time span of this incident was very significant.
More precisely, the duration of the incident lasted 9 years between March 2010 and June 2019. This was shown on the email of affected customers sent by the airline. Furthermore, it was mentioned that the incident did not affect the IT infrastructure and system of the carrier. The incident also occurred at one of Malaysia Airlines’ third-party IT service providers.
Some personal data or details that possibly could’ve been compromised include member names, date of birth, gender, and contact details. It also includes frequent flyer number, frequent flyer status as well as frequent flyer tier level. Information regarding itineraries, reservations, ticketing, including ID card or payment card information of any sort, is not included as well.
Also, Malaysia Airlines have clarified that there’s no evidence as of now indicating that any personal data was misused or has been used somewhere else. There was no disclosure of any account passwords as well. Even if account passwords were not featured in the breach, the carrier encouraged Enrich members to alter their passwords as a precautionary step. Additionally, the carriers also told the members that the airline will never request customers to update their details through a phone call.
For anyone using Digital Profile, with the email as your username, you can update your password in this link. If members are still using the Enrich ID which only allows numbers as the login, you can instead alter your password here. A new password should have at least 8-16 characters with the inclusion of uppercase and lowercase characters along with numbers.
A reminder for everyone from Malaysia Airlines, the flag carrier will not be contacting members regarding the update of personal information through a telephone call. If the personal information was controlled by someone unknown, scamming activities could be of its use.
Malaysia Airlines is a very evasive flag carrier regarding the nature of the data and the way it has conceded. Moreover, this includes the name of the third-party responsible for maintaining data sets.
In the EU, customers have the right to file a complaint to authorities if the same problems were faced there. Malaysia cannot just put aside this matter and has to be dealt with sooner or later. Keep in mind, this has been going for 9 years. It’s just very reckless handling and dealing of its customer service team.