By Liz Lee and Stanley Widianto
KUALA LUMPUR/JAKARTA, Sept 18 (Reuters) - Malaysia's MalindoAir, a subsidiary of Indonesia's Lion Group, said on Wednesdayit was investigating a data breach involving the personaldetails of its passengers.
Malindo Air's statement followed a report by Moscow-basedcybersecurity firm Kaspersky Lab that the details of around 30million passengers of Malindo and fellow Lion Group subsidiaryThai Lion Air were posted in online forums. The report said theleaked information included passengers' passport details,addresses and phone numbers.
Lion Group and Thai Lion Air could not immediately bereached for comment.
Malindo Air said it was notifying authoritiesinternationally about the incident and advised customers withonline frequent flyer accounts to change their passwords.
It declined to provide more detail on its investigation,including how many customers were affected, but said it did notstore any customer payment details on its servers.
"We are in the midst of notifying the various authoritiesboth locally and abroad including CyberSecurity Malaysia," itsaid in a statement. "Malindo Air is also engaging withindependent cybercrime consultants to investigate and reportinto this incident."
The files were uploaded and stored in an open Amazon WebServices (AWS) bucket, a public cloud storage resource. AWS,which is an external data service provider for Malindo, was notimmediately available for comment.
Kaspersky said parts of the leaked databases were up forsale on the dark web.
Lion Air received global attention in October when one ofits new Boeing 737 MAX jets crashed into the Java Sea, killingall 189 passengers and crew on board.
(Reporting by Liz Lee in Kuala Lumpur and Stanley Widianto inJakarta; additional reporting by Jessica Damiana, Editing byFanny Potkin and Jane Wardell)