Malaysia Airlines has sent out an email to their Enrich members that there has been a data leak at one of it’s IT providers and customer data has been compromised.
Individuals with an Enrich / Malaysia Airlines profile are recommended to change their passwords in order to protect themselves from possible hacks and theft of further data or mileage.
Malaysia Airlines emphasizes that this breach took place at a “third party IT provider” however in the end the carrier bears full responsibility for the failure to protect the customers personal information:
Malaysia Airlines was notified of a data security incident at one of its third-party IT service providers which involved some personal data of members of Enrich, Malaysia Airlines’ Frequent Flyer Programme between the period of March 2010 and June 2019. The incident did not affect Malaysia Airlines’ own IT infrastructure and systems in any way.
The personal data involved in the incident included Enrich member names, date of birth, gender, contact details, frequent flyer number, frequent flyer status and frequent flyer tier level. It did not include any information about itineraries, reservations, ticketing, or any ID card or payment card information.
Malaysia Airlines has no evidence that any personal data has been misused and the incident did not disclose any account passwords. We are nevertheless encouraging Enrich members to *change their account passwords as precautionary measure.
Keeping your online account and personal information secure is of the utmost importance to us. If you require further guidance on how to protect your personal information or have any questions about any aspect of this letter, please contact our Data Privacy Officer at firstname.lastname@example.org or email@example.com
Please note that Malaysia Airlines will not be contacting members with regard to updating your personal information via telephone call.
*To change password to your Enrich Online account, please click on one of the following links:
I wouldn’t recommend to click on any links in this email. If you want to change your password go to the website manually, log in and change all particulars.
Malaysia Airlines is very elusive here when it comes to the nature of the data, the way it has been compromised or the name of the third party who was maintaining the data sets.
This is just one airline that has been hit with data protection failures. Customers in the EU or EU citizens can likely file a complaint with authorities.
British Airways is currently being sued in a class action lawsuit which will cost them dearly after the company encountered data breaches.
Some of these companies are truly reckless when it comes to the handling of customer information. Many don’t properly invest in IT security, don’t have sufficiently competent specialists working on the matter or outsource it entirely and therefore losing any personal control over that date as it appears to have happened in this case.
Nobody forced MH to outsource their data and they are ultimately responsible for anything that happens to it.