Personal details of Malaysia Airlines’ Enrich frequent flyer programme members were exposed in a security breach via a third-party IT service provider lasting from March 2010 through to June 2019, it has emerged.

The incident left unprotected members’ personal data, including name, date of birth, gender, contact information, frequent flyer number, status and tier level, the company said in an email sent to members.

“Malaysia Airlines has no evidence that any personal data has been misused and the incident did not disclose any account passwords,” it added. Nevertheless, the company is advising members to change their passwords as a precaution.

In a tweet following a passenger’s complaint, the airline said it is “monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”

In the email, Malaysia Airlines said the compromised information did not include details of Enrich members’ ID card, payment card, itineraries, reservations or ticketing.

PrivSec Global, a live streaming event, takes place on 23-25 March featuring more than 200 speakers and 64 sessions on privacy, data protection and cyber-security.