KOCHI: Kochi-based cybersecurity and big data startup ‘Technisanct’ has exposed the data breach of Malindo Air, a Malaysian airlines operator. Personal information which includes passport details, contact details, addresses, email ids and reservation ids of about 30 million customers were revealed on various data exchange forums. “The security breach was recognised by Technisanct’s flagship product ‘Integrite’ which continuously monitors and identifies cyber risks, including data breaches, credential leakage, phishing sites, privacy issues, misinformation of brands etc. In addition to Malindo Air, information pertaining to passengers of Thai Lion Air and Batik Air has also been compromised,” a press release said here on Thursday.
The breach in data was identified by ‘Integrite’ while running the tool to diagnose threats for a few of the company’s clients. The violation was recognised on August 12 by the company authorities though it was not revealed until September 2. The company officials approached Malindo Air through social media platforms regarding the data breach but the team was reluctant to reply. Later, leaked data were made available on hacker forums like mega.nz, openload.ac and through Telegram for 5 to 10 dollars and a few on credit basis.
Nandakishore Harikumar, CEO of Technisanct Technologies, intimated the issue to the CEO of Malindo Air, Chandran Rama Muthy, and forwarded a report on September 11. Unfortunately, no further actions were taken until media intervention. It is assumed the data has been leaked from an external vendor of the company, the release said.
“In Asia, most of the brands are least aware of the cybersecurity culture. I believe in Asia except for Singapore none of the countries are conscious about their data and there is no system in place to protect the data of the customers. Unlike Asia, Europe has General Data Protection Regulation (GDPR) for all individual citizens and a single data leak can cost the brand a hefty fine. I strongly believe cybersecurity should be an essential criterion in the development strategy of a brand to avoid such breaches in future,” said Nandakishore.