Indonesian budget airline Malindo Air reported on September 19 it had locked down the formerly publicly exposed servers that had compromised passenger data.

The airline had confirmed just one day prior that passenger data had been compromised and that it was working with Amazon Web Services and its e-commerce partner GoQuo to investigate the problem. The company learned of the breach last week stating it happened through an unnamed third-party vendor.

“In light of the recent data leak from a third party vendor, Malindo Air’s cloud service provider, Amazon Web Services (AWS) Singapore has confirmed that all Malindo Air’s servers are fully secured with no further vulnerabilities. Confirmation has also been given to verify that no payment details have been compromised,” Malindo said in a statement.

The South China Post reported that the data from millions of Malinda’s passengers were involved, but the company did not release any figures.