Enrich - data security incident

[AIRwin]

Received this email overnight:

Malaysia Airlines was notified of a data security incident at one of its third-party IT service providers which involved some personal data of members of Enrich, Malaysia Airlines’ Frequent Flyer Programme between the period of March 2010 and June 2019. The incident did not affect Malaysia Airlines’ own IT infrastructure and systems in any way.

The personal data involved in the incident included Enrich member names, date of birth, gender, contact details, frequent flyer number, frequent flyer status and frequent flyer tier level. It did not include any information about itineraries, reservations, ticketing, or any ID card or payment card information.

Malaysia Airlines has no evidence that any personal data has been misused and the incident did not disclose any account passwords. We are nevertheless encouraging Enrich members to *change their account passwords as precautionary measure.

 

[Melburnian1]

Received this email overnight:

Malaysia Airlines was notified of a data security incident at one of its third-party IT service providers which involved some personal data of members of Enrich, Malaysia Airlines’ Frequent Flyer Programme between the period of March 2010 and June 2019. The incident did not affect Malaysia Airlines’ own IT infrastructure and systems in any way.

The personal data involved in the incident included Enrich member names, date of birth, gender, contact details, frequent flyer number, frequent flyer status and frequent flyer tier level. It did not include any information about itineraries, reservations, ticketing, or any ID card or payment card information.

Malaysia Airlines has no evidence that any personal data has been misused and the incident did not disclose any account passwords. We are nevertheless encouraging Enrich members to *change their account passwords as precautionary measure.

Nine and one third years! Is this some sort of (dubious) record?

No wonder the show's broke!

 

[Daver6]

I too received this email.

Have to just laugh at this attitude though. After telling us it happened some time almost a ten year period they're on to the bit about how it's all about them

The incident did not affect Malaysia Airlines’ own IT infrastructure and systems in any way.

Then towards the end of the email...

Keeping your online account and personal information secure is of the utmost importance to us.

Yes, so important that this comment comes at the end, they had no idea for so long but its ok, their internal infrastructure is safe.

Finally, why are they suggesting I update my password? They seem to know what information was compromised. If the password DB wasn't then why change.

It's almost like Eddie Mcguire prepared this statement for them. Level of confidence in this airline isn't high.

 

[Ric]

This can be a great airline ONLY if they practise meritocracy and don't let nationalism and the New economic policy get in the way!

 

[kyanar]

It's almost certainly referring to the SITA PSS breach, with most speculating that Air India was the carrier who was the source of it - though every other carrier only mentioned the loyalty details, and were StarAlliance or StarAlliance partners. Hmm.