Malindo Airways Sdn Bhd is asking its passengers to change their passwords for their other online services if it is the same one used for the airline's website.
This comes after the South China Morning Post reported that "millions" of passenger details belonging to the airline had been leaked in a data breach.
"As a precautionary measure, we would advise passengers who have a Malindo Miles account to change their passwords if identical passwords have been used for their other services online," it said in a statement today.
Malindo Air said it is investigating the matter and will also notify the various authorities including CyberSecurity Malaysia on the matter.
"Malindo Air is also engaging with independent cybercrime consultants to investigate and report on this incident.
"Malindo Air has put in adequate measures to ensure that the data of our passengers is not compromised in line with the Malaysian Personal Data Protection Act 2010.
"We also do not store any payment details of our customers in our servers and are compliant with the Payment Card Industry (PCI) Data Security Standard (DSS)," it said.
According to the South China Morning Post, Malindo Air's sister company Thai Lion Air also suffered a similar breach.
Among the compromised data include full names, home addresses, e-mail addresses, dates of birth, phone numbers, passport numbers and passport expiration dates.
The paper said an online figure named "Spectre", which operates a dark web portal, published links to the leaked data.