Bangkok Airways apologizes for passport info breach as LockBit ransomware group threatens data leak

The company said that it discovered a "cybersecurity attack which resulted in unauthorized and unlawful access to its information system" on August 23.
Written by Jonathan Greig, Contributor

Bangkok Airways has apologized for a data breach involving passport information and other personal data in a statement to customers.


The statement said the company is "deeply sorry for the worry and inconvenience that this malicious incident has caused."

Bangkok Airways did not respond to requests for comment from ZDNet about how many customers were involved in the breach or what timeframe the data came from, but in its statement the company said an investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline had been accessed. 

The company said it is still conducting an investigation into the attack and is working on strengthening its IT system as it identifies potential victims. 

The attackers were not able to affect Bangkok Airways' operational or aeronautical security systems, according to the statement, and the Royal Thai police have been notified of the incident.

"For primary prevention measures, the company highly recommends passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible," the company said. 

"In addition to that, the company would like to caution passengers to be aware of any suspicious or unsolicited calls and/or emails, as the attacker may be claiming to be Bangkok Airways and attempt to gather personal data by deception (known as 'phishing')." 

They urged customers to contact the police or take legal action if they get any notices purporting to be from Bangkok Airways asking for credit card details or other information. 

The announcement, which was released on Friday, coincided with a notice from the LockBit ransomware group that said it was planning to release 103 GB of compressed files that it claimed were stolen from Bangkok Airways.


A screenshot of the LockBit ransomware data leak site. 


The group said it would release the data on August 30, but in the past they have extended deadlines or reneged on threats to release data. 

LockBit operators faced criticism weeks ago when they threatened to leak data that they said was stolen from billion-dollar tech services company Accenture. They repeatedly pushed back the deadline before Accenture came forward to dismiss claims that any significant data was taken. 

The Australian Cyber Security Centre released an advisory in early August noting that the LockBit ransomware group had relaunched after a brief dip in activity and has ramped up attacks. 

Members of the group are actively exploiting existing vulnerabilities in the Fortinet FortiOS and FortiProxy products identified as CVE-2018-13379 in order to gain initial access to specific victim networks, the advisory said. 

"The ACSC is aware of numerous incidents involving LockBit and its successor 'LockBit 2.0' in Australia since 2020. The majority of victims known to the ACSC have been reported after July 2021, indicating a sharp and significant increase in domestic victims in comparison to other tracked ransomware variants," the release added. 

"The ACSC has observed LockBit affiliates successfully deploying ransomware on corporate systems in a variety of sectors including professional services, construction, manufacturing, retail and food." 

In June, the Prodaft Threat Intelligence team published a report examining LockBit's RaaS structure and its affiliates' proclivity toward buying Remote Desktop Protocol access to servers as an initial attack vector. 

"Commercial and professional services as well as the transportation sector are also highly targeted by the LockBit group," Prodaft said.

Those who believe they may have been affected by the attack are urged to contact infosecurity@bangkokair.com for more information.
