{"id":3299,"date":"2021-03-03T11:59:37","date_gmt":"2021-03-03T15:59:37","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3299"},"modified":"2021-05-12T11:01:10","modified_gmt":"2021-05-12T15:01:10","slug":"key-lessons-from-the-malaysia-airlines-nine-year-data-breach","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/","title":{"rendered":"Key Lessons from the Malaysia Airlines Nine-Year Data Breach"},"content":{"rendered":"

\"Key<\/p>\n

Malaysia Airlines recently disclosed suffering from a nine-year data breach; the breach possibly exposed the personal information of members in its Enrich frequent flyer program. <\/strong><\/em><\/p>\n

According to <\/span>reports<\/span><\/a>, the breach occurred due to a third-party IT service provider.\u00a0<\/span><\/p>\n

At this time, it remains unknown how many Enrich users were affected by the breach. In a statement, Malaysia Airlines said: \u201cMalaysia Airlines has no evidence that any personal data has been misused and the incident did not disclose any account passwords. We are nevertheless encouraging Enrich members to change their account passwords as a precautionary measure. The incident did not affect Malaysia Airlines\u2019 own IT infrastructure and systems in any way.\u201d<\/span><\/p>\n

The information possibly exposed includes member names, contact information, date of birth, gender, frequent flyer number, status. and rewards tier level.\u00a0<\/span><\/p>\n

A nine-year data breach certainly merits discussion and best practices. We reach out to several cybersecurity<\/a><\/strong><\/span> experts for their thoughts on the matter.\u00a0\u00a0<\/span><\/p>\n


Widget not in any sidebars
<\/span><\/p>\n

Key Lessons from the Malaysia Airlines Nine-Year Data Breach<\/b><\/h2>\n

Demi Ben-Ari<\/b><\/h3>\n

Demi Ben-Ari is Co-founder and CTO of <\/span><\/i>Panorays<\/span><\/i><\/a>.<\/span><\/i><\/p>\n

“The recent data breach at Malaysia Airlines illustrates how customers’ personal data can be compromised through a third-party provider. Unfortunately, this is not the first time an airline has experienced a third-party data breach, and it likely won’t be the last. To prevent such incidents, it’s crucial for every company to perform comprehensive evaluations of their third parties that combine external attack surface assessments, security questionnaires and business context for the most accurate view of vendor cyber risk. In addition, continuous monitoring is absolutely necessary for ongoing visibility, insight and control of third-party security risk.”<\/span><\/p>\n

Chris Clements<\/b><\/h3>\n

Chris Clements is VP of Solutions Architecture at <\/span><\/i>Cerberus Sentinel<\/span><\/i><\/a>.<\/span><\/i><\/p>\n

“One of the worst aspects of \u2018supply chain\u2019 attack compromises is that it can be even harder to detect than a direct breach of an organization.\u00a0 Now more than ever businesses need to fully vet and actively manage vendors who may be able to access sensitive systems or data.\u00a0 A strong vendor management program can go a long way to preventing exposure by requiring third parties that interact with a business\u2019s data or systems follow information security best practices and can demonstrate due diligence by adhering to well-known security standards such as NIST or ISO and also perform regular security testing to ensure that no mistakes that could lead to exposures have fallen through the cracks.”<\/span><\/p>\n

Purandar Das<\/b><\/h3>\n

Purandar Das is CEO and Co-Founder of <\/span><\/i>Sotero<\/span><\/i><\/a>.<\/span><\/i><\/p>\n

\u201cOrganizations continue to be impacted by under-protected third-party service providers. While such services are a key part of an organization\u2019s customer services, they pose an increasing risk to the company. This is an area that is being increasingly targeted by hackers. The reason is fairly simple. Service providers are less organized in terms of security.<\/span><\/p>\n

Their infrastructure is less secure and more easily penetrated. Hackers target them knowing that their access to potentially valuable data is easier. On the surface, this data seems less likely to cause damage to the consumer.\u201d\u00a0<\/span><\/p>\n

\u201cHowever, this stolen data forms a part of the consumers’ profile that is created by data stolen from many locations. In totality, this enables the hackers to assemble a strong profile of the consumers and their behavior and could be used to target them for nefarious purposes. The fact that this breach happened over a long period of time without detection indicates the lack of security at the service provider. It is also unlikely that this data was not used for wrong reasons if the breach lasted as long it did. If the data was useless, the hackers would have moved on. It is time for organizations to take control of their data and its protection even when it is in the hands of service providers.\u201d<\/span><\/p>\n

<\/div><\/p>\n

Thanks to these cybersecurity experts for their thoughts on the nine-year data breach. For more on third-party security, check out our SIEM Buyer\u2019s Guide<\/a>.<\/strong><\/span>\u00a0<\/span><\/p>\n


Widget not in any sidebars
<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Malaysia Airlines recently disclosed suffering from a nine-year data breach; the breach possibly exposed the personal information of members in its Enrich frequent flyer program. According to reports, the breach occurred due to a third-party IT service provider.\u00a0 At this time, it remains unknown how many Enrich users were affected by the breach. In a […]<\/p>\n","protected":false},"author":41,"featured_media":3058,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[353,1288,95,145,112,86,1517,1518,1512,21,57,22,1519,1133],"acf":[],"yoast_head":"\nKey Lessons from the Malaysia Airlines Nine-Year Data Breach<\/title>\n<meta name=\"description\" content=\"Malaysia Airlines recently disclosed suffering from a nine-year data breach; the breach possibly exposed the personal information of its Enrich program.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Key Lessons from the Malaysia Airlines Nine-Year Data Breach\" \/>\n<meta property=\"og:description\" content=\"Malaysia Airlines recently disclosed suffering from a nine-year data breach; the breach possibly exposed the personal information of its Enrich program.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions & Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-03T15:59:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-12T15:01:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/\",\"name\":\"Key Lessons from the Malaysia Airlines Nine-Year Data Breach\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\",\"datePublished\":\"2021-03-03T15:59:37+00:00\",\"dateModified\":\"2021-05-12T15:01:10+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Malaysia Airlines recently disclosed suffering from a nine-year data breach; the breach possibly exposed the personal information of its Enrich program.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"Panther Labs Releases State of SIEM 2021 Report\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Key Lessons from the Malaysia Airlines Nine-Year Data Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions & Vendors\",\"description\":\"Buyer's Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Key Lessons from the Malaysia Airlines Nine-Year Data Breach","description":"Malaysia Airlines recently disclosed suffering from a nine-year data breach; the breach possibly exposed the personal information of its Enrich program.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/","og_locale":"en_US","og_type":"article","og_title":"Key Lessons from the Malaysia Airlines Nine-Year Data Breach","og_description":"Malaysia Airlines recently disclosed suffering from a nine-year data breach; the breach possibly exposed the personal information of its Enrich program.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","article_published_time":"2021-03-03T15:59:37+00:00","article_modified_time":"2021-05-12T15:01:10+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/","name":"Key Lessons from the Malaysia Airlines Nine-Year Data Breach","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","datePublished":"2021-03-03T15:59:37+00:00","dateModified":"2021-05-12T15:01:10+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Malaysia Airlines recently disclosed suffering from a nine-year data breach; the breach possibly exposed the personal information of its Enrich program.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","width":800,"height":400,"caption":"Panther Labs Releases State of SIEM 2021 Report"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/key-lessons-from-the-malaysia-airlines-nine-year-data-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Key Lessons from the Malaysia Airlines Nine-Year Data Breach"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","description":"Buyer's Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3299"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3299"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3299\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/3058"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}