Following incidents at other airlines, Indonesian carrier PT Lion Mentari Airlines, known as Lion Air, is looking into a breach that reportedly led to passenger data on its Thai and Malaysian units to be leaked on the web. The carrier said in a statement that Malindo Airways passenger data may have been comprised, Bloomberg reported.
Malindo is at work with GoQuo, an eCommerce partner, and Amazon Web Services Inc., its data service provider, to probe the data breach. “We are still investigating the extent of the problem,” a director at the Indonesian carrier, Daniel Putut, said per the news outlet. “It is only affecting the Malaysian and Thailand operations.”
The carrier is reportedly telling relevant authorities, with the inclusion of CyberSecurity Malaysia, about the incident. Airlines have been the targets of multiple data breaches that have been high profile in recent years, with the report noting that “hundreds of thousands” of customers at two particular major airlines had information hacked since last year.
In separate news, the U.K. Information Commissioner’s Office (ICO) had fined British Airways more than £183m for a data breach involving the theft of over a half a million users’ data, including card information, login info, names, addresses and booking information per a report in July. Hackers used a bogus site to confuse bookers. The ICO said the British Airways had “poor security arrangements,” essentially allowing the breach to happen.
“People’s personal data is just that — personal,” said Elizabeth Denham, information commissioner per a past report. “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. The law is clear, when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
The fine came out to roughly 1.5 percent of the airline’s £11.6bn turnover last year. That is reportedly in line with General Data Protection Regulation (GDPR) rules.