Cybercrime

Bangkok Air confirms passenger PII leak after ransomware attack

Bangkok Airways, the second oldest and the third biggest airline company in Thailand, has admitted last week that hackers stole passenger information during a security breach following a ransomware attack.

The airline confirmed the breach in a press release last Thursday, a day after a ransomware gang known as LockBit posted a message on its dark web portal threatening the company to leak data if it didn’t pay a hefty ransom demand.

The LockBit gang gave the airline five days to pay the ransom but published the entire 200+ GB of stolen data on Saturday after it became clear that Bangkok Air was not interested in negotiations and decided to disclose the breach on its own terms.

Image: The Record

While most of the stolen information appears to be business-related documents, the Thai airline said the hackers also managed to steal files that contained personally identifiable data for some of its passengers.

The airline cited an ongoing investigation and couldn’t say how many passengers were impacted.

Per the airline, some of the personal data that may have been included in the stolen files included data fields such as passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information.

Bangkok Airways said it notified local law enforcement of the breach and is now warning customers that some of the stolen data might be weaponized against them through unsolicited calls or emails.

The airline said the attackers might even try to pass as its employee and contact passengers to inquire or request about financial or card-related data.

“The company (Bangkok Airways) will not be contacting any customers asking for credit card details and any such requests,” the airline warned. “In case of such event occurs, passengers should take legal actions.”

LockBit, the ransomware gang behind the Bangkok Air intrusion, is one of today’s busiest ransomware operations after rival gangs such as REvil, DarkSide, and Avaddon called it quits this summer.

Earlier this month, the Australian Cyber Security Centre warned about an increase of attacks from this gang targeting Australian companies. Security firms like Palo Alto NetworksTrend Micro, and Symantec also published reports on this gang after seeing a surge in activity from its operators.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

Facebook testing end-to-end encryption as a default on Messenger

Facebook has long been criticized for not using end-to-end encryption as a default option for…

16 hours ago

CISA orders civilian agencies to patch Zimbra bug after mass exploitation

The Cybersecurity and Infrastructure Security Agency added two vulnerabilities found in products from digital collaboration…

18 hours ago

AT&T denies connection to database of 23 million SSNs, says it may be tied to credit agency breach

Telecommunications giant AT&T denied any connection to a database of stolen information that included the…

20 hours ago

U.S. shares photo of alleged Conti suspect, offers $10 million for intel

The U.S. State Department on Thursday said that it was offering a $10 million reward…

20 hours ago

Suspected Tornado Cash developer arrested in Netherlands

Financial crime authorities in the Netherlands announced Friday that they had arrested a 29-year-old man…

1 day ago

NHS working with U.K. cyber authorities to assess ransomware attack on IT vendor

The United Kingdom’s National Health Service said it is working with the country’s National Cyber…

2 days ago