Bangkok Airways is investigating a data breach that could've potentially compromised a multitude of passengers’ personal information.
The airline discovered the breach on August 23rd and found that personal data, such as names, addresses, passports and partial credit information, could have been the target. A cybercriminal gang has threatened to release the information if a ransom is not paid.
Three days after the attack, Bangkok Airways released a statement claiming that it ‘is investigating, as a matter of urgency, to verify the compromised data and the affected passengers.’
"An initial investigation of the incident appeared to confirm that some of the personal data may have been accessed which are, passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information.” The airline stated.
Bangkok Airways reported the incident to the Royal Thai Police and continues to investigate the extent of the breach with a corresponding cybersecurity firm. A cybercriminal group using LockBit ransomware has claimed responsibility for the attack. The gang issued a deadline, claiming it will release 103GB of compressed information if the ransom is not paid.
Bangkok Airways has clarified that the attack ‘did not affect the company’s operational or aeronautical security systems.’ The airline is also taking relevant measures to strengthen its IT systems.