Bangkok Airways, one of the biggest airline companies in Thailand, has revealed it was victim of a cyberattack resulting in hackers stealing passenger information.
The company said that it discovered a "cybersecurity attack which resulted in unauthorized and unlawful access to its information system" on August 23.
The announcement came a day after the LockBit ransomware group posted a message on their dark web leak site threatening to publish 103 GB of compressed files that it claimed was stolen from Bangkok Airways. The group gave the company five day to pay a ransom, but Bangkok Airways chose to disclose the data breach instead. In response, LockBit published the entire 200+ GB of stolen data.
Bangkok Airways said that an initial investigation confirmed that some of the personal data may have been accessed in the attack, including passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information. The company said that the incident did not affect its operational or aeronautical security systems.
“This incident has been reported to the Royal Thai police as well as providing notification to the relevant authorities. For primary prevention measures, the company highly recommends passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible,” the company said.