Malaysia Airlines has had a nearly decade-long data breach that revealed details about members of its frequent flyer program, Enrich, from their names to their gender.
The airlines has admitted to the breach and said it was notified by a third-party IT service provider about the issue which took place between March 2010 and June 2019, according to Bleeping Computer. While passwords were not involved, said Malaysia Airlines, members' contact information, their rewards tier level, their frequent flyer number and their birthdays were part of the breach.
Enrich members should be starting to get emails from Malaysia Airlines. That means is members start to get phone calls or text messages alerting them to the hack, and asking them to verify details or offer up more about themselves, they should probably call the airlines directly to avoid getting caught in a phishing scam.
Data breaches are almost a daily global occurrence, the impact affecting nearly any business or enterprise that is on the web from big brands to government agencies. In the case here with Malaysia Airlines, this breach appears to have taken place not on its own system, but on another party's system — and yet it has affected the details that the airline had collected on its own rewards members.
Over Twitter, the airline stated this as well, that its computer systems were not involved in the breach, but instead happened on a third-party's network. And the airline further encouraged members to change their passwords.
"However, the airline is monitoring any suspicious activity concerning its members' accounts and [is] in constant with the affected IT service provide to secure Enrich members' data and investigate the incidents scope and causes."