With the data breach impacting on Lion Air, the breached data includes the following passenger information: full names, home addresses, email addresses, dates of birth, telephone numbers, and passport numbers and expiration dates. According to ZDNet, Amazon Web Services (AWS) Singapore has now said that all servers containing data of Malindo Air customers are secured “with no further vulnerabilities”.
In terms of what happened, the files of passengers who flew with Thai Lion Air and Malindo Air, were stored in an open Amazon Web Services bucket, where a hacker gained access and dumped the files online. Malindo Air has confirmed the breach in a statement on its website; however, it has not provided any details on the scope of the compromise. The company is in the midst of notifying passengers about the data compromise, while adding that no payment card details had been exposed in the incident.
“Our in house teams along with external data service providers, Amazon Web Services (AWS) and GoQuo, our e-commerce partner, are currently investigating into this breach,” Malindo Air said.
Discussing the matter with Digital Journal, Ben Goodman, CISSP and SVP of global business and corporate development, ForgeRock explains that “at approximately 4.6 billion, 2019 may set a record in the number of scheduled passengers handled by the global airline industry.” Lion Air follows British Airways, Cathay Pacific, and Air Canada in the list of airline companies which have suffered a major data breach in the past few years.
Drawing on data security issues affecting the airline sector in general, he explains: “With all those customers, airline companies are responsible for protecting a staggering amount of data”. This makes the airline sector “a hot target for threat actors to unleash malicious attacks.”
It is time of airlines to do more to protect passenger data, according to Goodman. However, many airlines are now starting to become proactive in the matter. In terms of measures being taken, Goodman notes: “Airline companies are looking into using biometrics and facial recognition to expedite boarding processes.” However, this itself bring with it issues of data security. Goodman adds: “it is critical that airlines and other organizations that regularly handle sensitive consumer data understand the serious risk associated with a breach of that information, including data leaks due to misconfigurations.”
Implementing such technologies has been helped by recent advancements, as Goodman explains: “It’s now easier than ever to utilize security strategies and tools that prescribe real-time, contextual and ongoing security, detecting abnormal behavior and prompting further action to validate identity.”