Malaysia Airlines has revealed that it has suffered a data security breach spanning nine years.

The incident compromised the personal data of members of its Enrich frequent flyer scheme, and occurred between March 2010 and June 2019.

Compromised details included members’ name, date of birth, gender, contact information and frequent flyer information such as number, status and tier level. The carrier said that payment details and information about itineraries, reservations and ticketing  were not compromised, and that there is no evidence of misused personal data.

The airline has said that the issue involved one of its third-party IT service providers. While it states that there is no evidence that the breach affected account passwords, members of the Enrich programme have been encouraged to change their passwords as a precautionary measure.

In a tweet responding to a passenger complaint, the airline stated:

“The airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”

Business Traveller has reached out to Malaysia Airlines for comment.

Meanwhile, the airline announced last week that it would be trialling the IATA Travel Pass in order to restart international travel.