Logo of Phnom Penh Post newspaper Phnom Penh Post - Lion Air data stolen and leaked by former GoQuo employees

Lion Air data stolen and leaked by former GoQuo employees

Content image - Phnom Penh Post
A Lion Air plane at Soekarno-Hatta International Airport in Tangerang, Banten. THE JAKARTA POST/ANN

Lion Air data stolen and leaked by former GoQuo employees

Malaysia-based airline and Lion Air Group subsidiary Malindo Air has announced the result of its investigation of a data breach that leaked the personal details of some 35 million customers online.

“As a result of the findings, two former employees of [Malindo Air’s] e-commerce services provider, GoQuo Sdn Bhd in its development centre in India, had improperly accessed and stolen the personal data of our customers. The matter has been reported to the police, both in Malaysia and India,” the airlines wrote in a statement on Monday.

The company said it had been working closely with all the relevant agencies, including the Malaysian Personal Data Protection Commissioners, the National Cyber Security Agency, as well as their counterparts overseas.

“Malindo Air is pleased to advise that the data exposure has since been contained,” it added. “Malindo Air wishes to reiterate that this incident is not related to the security of its data architecture or that of its cloud provider Amazon Web Services. All its systems are fully secured and none of the payment details of customers were compromised due to the malicious act.”

Passengers of Batik Air, Malindo Air and Thai Lion Air were shocked when they discovered that their personal details had been posted online sometime in August, according to a cybersecurity research collective, making them vulnerable to various kinds of cybercrime, including identity theft.

The breach was discovered earlier this month by online cybersecurity intelligence collective Under the Breach, which goes by the Twitter handle @underthebreach. The collective posted censored screenshots of Thai Lion Air’s internal data in a brief Twitter thread, showing the sheer scale of the data theft.

The breach has put a spotlight on data protection, which remains a dire concern among businesses in Indonesia, and was also a warning of how fragile data security is in the aviation industry.

Last year, the data of 9.4 million Cathay Pacific passengers were also leaked.

“Cybercriminals will have seen the data breaches affecting other airlines and make the assumption that these are targets worth focusing on, especially considering the sensitive information airlines hold on their customers,” said Aaron Zander, head of IT at HackerOne.

“Leaving a server exposed without any protection is one of the most basic and embarrassing security failings, but still, these breaches continue to happen across the board. When it comes to securing the data of ever more informed consumers, the basics of security need to be covered at a minimum.”

He added that the recent passenger data leak must be used as a lesson for the industry to double down on its security.

“It is also important to remember to check and recheck your security. Modern engineering teams have many people who can improve your infrastructure and security, but equally as many people can make a mistake. Continued testing and checks help keep everyone’s data safe, especially your customers,” he said.



  • Purging Sihanoukville’s past with a new masterplan

    Amid illicit activities, haphazard development and abandoned projects, the coastal city of Sihanouk province needs a reset to move forward. A new masterplan might be the answer to shake off its seemingly mucky image to become the Shenzhen of the south Gun toting, shootouts, police

  • Chinese may be first in tourism revival: PM

    Cambodia's tourism industry is gearing up to roll out the red carpet for Chinese travellers after Prime Minister Hun Sen on September 17 indicated that the Kingdom could soon throw open its doors to international holidaymakers vaccinated against Covid-19 – starting with guests from China. Cambodia Chinese

  • Tourism concerns laid bare

    To ensure the success of plans to reopen the tourism market for international visitors, Cambodia must pay utmost attention to two primary determinants – the ongoing paradigm shift in domestic tourism services towards the ‘new normal’, and the factors influencing choices of destinations among foreign holidaymakers.

  • Airline says ready for green light to reopen international tourism

    Sky Angkor Airline Co Ltd on September 21 said it is ready to transport South Korean and Chinese tourists to the Kingdom once the Cambodian government makes good on plans to reopen its borders to vaccinated travellers. The Siem Reap-based airline made the remark during a

  • Covid jab drive for 6-11 age group to begin Sept 17

    Prime Minister Hun Sen has permitted Covid-19 vaccinations for over 1.8 million children aged 6-11 across the country from September 17 in order for them to return to school after a long hiatus. Hun Sen also hinted that vaccinations for the 3-6 age group will follow in

  • No ‘Crown Prince’ exists to buy France football club: ministry

    The Ministry of the Royal Palace has denied media reports that a Cambodian “Crown Prince” had purchased the AS Saint Etienne football club of France’s top-flight LIGUE 1 at the cost of €100 million ($117 million). In a press statement on September 19, the ministry stressed that Cambodia