- The breach is purported to have occurred at some point during a period that spans almost a decade and involves a third-party IT service provider.
- The airline had sent out an emailer to Enrich members this week, stating it was notified of a “data security incident” at the third-party IT supplier.
- At press time, Malaysia Airlines had yet to make a public statement on the security breach or post a notice on its website. It did, however, appear to confirm the incident on Twitter in its replies to customers.
- In one of several such responses, the national carrier said: “The data security incident occurred at our third-party IT service provider and not Malaysia Airlines’ computer systems. However, the airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”
– Eileen Yu | March 2, 2021