Shahrin Aizat Noorshahrizam reports:
National carrier Malaysia Airlines informed members of its frequent flyer programme Enrich that there had been a “data security incident” at one of its third-party IT service providers.
According to the airlines, the incident happened between a nine-year-period from March 2010 to June 2019.
Read more on Malay Mail.
The airline’s email (a copy of which can be seen here) is generating news reports throughout their country, but the email does not appear to state exactly what was involved in this third-party incident. Was it a nine-year exploitation of a vulnerability in the the third-party’s system? Was it a rogue employee just copying data? What happened? Has any news site gotten the airline to clarify that?