Bangkok Airways became a victim of LockBit ransomware. Hackers leak passengers’ passport and personal data

Through a statement, the airline Bangkok Airways apologized to its customers and partners for the inconvenience caused due to the recent data breach that affected the company. According to the message, the incident was the product of a cyberattack that resulted in unauthorized access to the airline’s IT systems.

While the company has not responded to requests for comment regarding the incident, it has been confirmed that the data breach exposed the names, nationalities, phone numbers, email addresses and other sensitive details of its customers. To make matters worse, the leak reportedly included partial credit card information from some users.

This incident continues to be investigated in collaboration with specialized firms, and some measures will be implemented to prevent similar incidents from recurring in the future. The airline notes that, during the incident, the company’s critical systems were not affected: “For primary prevention measures, we highly recommend passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible.”

The airline also advised affected users to contact the competent authorities if they detect signs of malicious activity, especially in relation to their bank accounts.

This announcement, published last Friday, coincides with posts by the LockBit ransomware hackers, who claim to have access to around 103 GB of information extracted from the airline, so the incident could be related to a ransomware infection.

The hackers claim that the compromised information will be exposed this August 31, although LockBit is not known for honoring its word. A few weeks ago, the ransomware operators threatened to leak thousands of sensitive records extracted from technology services company Accenture, though this leak never came.

Earlier this month, the Australian Cyber Security Centre issued an alert stating that this ransomware group was relaunched after interrupting its activity, returning with more force in this second wave. The new LockBit attacks are characterized by the exploitation of CVE-2018-13379, a known vulnerability in Fortinet FortiOS and FortiProxy that allows malicious hackers to gain initial access to a target network.
