Bangkok Airways Admits Attackers Stole Passenger Data

Written by

Bangkok Airways has admitted that a cyber-attack last week led to the compromise of an unspecified volume of passengers’ personally identifiable information (PII).

The Thai airline claimed in a brief update late last week that although the incident didn’t affect “operational or aeronautical security systems,” it does appear as if personal data has been accessed.

Personal data could include full name, nationality, gender, phone number, email and home address, contact details, passport and historical travel information, partial credit card info and special meal information.

“This incident has been reported to the Royal Thai police as well as providing notification to the relevant authorities. For primary prevention measures, the company highly recommends passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible,” the notice continued.

“In addition to that, the company would like to caution passengers to be aware of any suspicious or unsolicited calls and/or emails, as the attacker may be claiming to be Bangkok Airways and attempt to gather personal data by deception (known as ‘phishing’).”

Although the airline itself didn’t specify how the attackers compromised its IT systems or their intent, the notice appeared online at around the same time as ransomware group LockBit 2.0 published info on the attack.

A tweet citing its leak site claimed the group had 103GB of stolen files from the firm it planned to release.

LockBit 2.0 was also blamed for a compromise at global consultancy Accenture earlier this month. The Australian Cyber Security Centre (ACSC) published details on the group, which first appeared in June, on its website.

It revealed that LockBit 2.0 had been exploiting the CVE-2018-13379 vulnerability in Fortinet FortiOS and FortiProxy in an attempt to gain initial access into victim networks. 

What’s hot on Infosecurity Magazine?