The airline confirms it is the victim of LockBit ransomware and reveals the data breach affecting its passengers. The message published by the gang on its leak site underline the poor security implemented by the company.
“We Have More Files (Extra +200GB) To Show. And Many More Things To Say… They said : “We protect our customers privacy” But with “P@ssw0rd” for all systems and domain admins”
On 23 August, the company found the safety violation and immediately started an inquiry to determine the extent of the occurrence with the assistance of a cybersecurity team. Also the authorities were notified of the incident by Bangkok Airways.
“An initial investigation of the incident appeared to confirm that some of the personal data may have been accessed which are, passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information. The company however, confirms that the incident did not affect the company’s operational or aeronautical security systems.” reads a press release published by the company. “This incident has been reported to the Royal Thai police as well as providing notification to the relevant authorities. For primary prevention measures, the company highly recommends passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible.”
The airline said that the violation of security did not affect the operational security systems of Bangkok Airways, but attackers may have access to personal passenger data such Full names, nationalities, sex, telephone numbers, email addresses, passport information, historical travel data, partial card information, and special meal details.
Bangkok Airways warns the passengers to alert and informed that any calls and emails are unwanted, since the attacker may attempt to conduct malicious activities such as phishing attacks.
On the initial conversation with threat actor by bleeping computer, the threat actor revealed that the Accenture breach gave them the access to credentials to target the companies customers.
LockBit is the same ransomware gang that stole 6TB of data from Accenture and threatened to leak it in the dark web. Similarly, On 23 August LockBit operators published data stolen from the Ethiopian airline on its leak site.