Indonesia, Malaysia probe Lion Air customer data leak

Two of the airline's subsidiaries, Malaysia-based Malindo Air and Thai Lion Air, acknowledged passenger data may have been stolen from remote servers operated by Amazon.
Two of the airline's subsidiaries, Malaysia-based Malindo Air and Thai Lion Air, acknowledged passenger data may have been stolen from remote servers operated by Amazon.PHOTO: AFP

JAKARTA (AFP) - The authorities are probing a customer data leak at Lion Air, Indonesia's communications ministry said on Friday (Sept 20), in a breach that reportedly affected millions of the carrier's customers.

Two of the airline's subsidiaries, Malaysia-based Malindo Air and Thai Lion Air, acknowledged passenger data may have been stolen from remote servers operated by Amazon.

"Thai Lion Air has come to be aware that some personal data concerning our passengers hosted on a cloud-based environment may have been compromised," it said in a statement.

Lion Air - South-east Asia's biggest airline by fleet size - said it was cooperating with an Indonesian-Malaysian investigation into the apparent hack, which also affected Lion units Batik Air and Wings Air.

The leak involved the names, birthdays, addresses, phone numbers and other details of up to 35 million customers, the Jakarta Post reported, citing a source.

Lion did not reveal how many customers were affected, but said its payment information was not stored on the affected servers.

Amazon Web Services, which operates servers that stored the breached data, declined to comment.