Authorities are probing a customer data leak at Lion Air, Indonesia’s communications ministry said Friday, in a breach that reportedly affected millions of the carrier’s customers.
Two of the airline’s subsidiaries, Malaysia-based Malindo Air and Thai Lion Air, acknowledged passenger data may have been stolen from remote servers operated by Amazon.
“Thai Lion Air has come to be aware that some personal data concerning our passengers hosted on a cloud-based environment may have been compromised,” it said in a statement.
Lion Air — Southeast Asia’s biggest airline by fleet size — said it was cooperating with an Indonesian-Malaysian investigation into the apparent hack, which also affected Lion units Batik Air and Wings Air.
The leak involved the names, birthdays, addresses, phone numbers and other details of up to 35 million customers, the Jakarta Post reported, citing a source.
Lion did not reveal how many customers were affected, but said their payment information was not stored on the affected servers.
Amazon Web Services, which operates servers that stored the breached data, declined to comment.