In a peculiar revelation of cyber breach events, Malaysia airlines recently reported a cybersecurity attack that compromised the data from their frequent flyer campaign. What is even more appalling is that the cyber breach spanned a period of nine years in the airline’s organization.
According to the reports of Malaysia Airlines, the cyber breach incident was a consequence of a third-party IT service provider which was operating the airline’s Enrich rewards program.
The program allows frequent flyers to win miles and reward points wherever they travel via Malaysia Airlines.
The IT service provider, that resulted in the cyber breach, was operating the program for a rather long period of time, back from March 2010 to June 2019.
The cyber breach reportedly exposed vital data of the Enrich program members including names, dates of birth, gender, contact information, statues, flyer numbers as well as rewards and miles earned.
However, Malaysia Airlines affirmed to its clients that the breach did not compromise or expose data that included itineraries, ticketing, reservations, ID cards, or payment information.
Even passwords and other details remain uncompromised from the breach, according to the Airlines.
However, Malaysia Airlines has recommended its clients and customers update or modify private details and passwords to evade any future risks or data theft attacks.
Cyber Breach becoming common in IT services:
Even though the exact details of the cyber breach remain unclear, the particular incident has surfaced at a time when Singtel Group also reported a similar cyber attack in the previous month. Singtel Group’s cyber attack was one of the many Accellion FTA data breach victims, which also included the Washington SAO, University of Colorado, Kroger Co. and many more.
It is not to be overlooked that Accellion’s data breach generates a sense of concern against cloud services and systems and their approach towards cybersecurity measures. Cloud services and providers have seemingly become peculiar targets for cyber breaches and data vulnerability attacks.
Importance of security measures against cyber breach:
Cybersecurity experts detail that considering the rather long range of time period that left Malaysia Airlines vulnerable to the data breach incident, it can be concluded that inadequate monitoring and absence of proper alerting systems in the Airlines had a big role to play.
Airlines are commonly observed to be primary high profile targets of bad actors to implement cyber-breach attacks, with loyalty data that can be easily encashed and significant volumes of data including often a large volume of payment data that can be compromised.
Cybersecurity experts also observed that that organizations continue to be jeopardized by third-party service providers that don’t implement adequate protective measures against intense data and security threats. Bad actors remain at an advantage against such poorly cyber-secured systems, conscious of the fact that their access to potentially valuable data is easier in such cases.