Bangkok Airways admits data breach

ID theft
(Image credit: Future)

Thai regional airline Bangkok Airways has acknowledged it fell victim to a cybersecurity attack, which has robbed it off personally identifiable information (PII) of customers.

In a statement, the airline admitted that threat actors had managed to steal sensitive information about its passengers including their name, physical and electronic contact details, passport information, historical travel details, as well as “partial credit card information.”

“On 23 August 2021, Bangkok Airways Public Company Limited discovered that the company had been a victim of [a] cybersecurity attack which resulted in unauthorized and unlawful access to its information system,” the company added.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

The airline adds that when the incident came to light, the company took steps to contain the event, and is currently not just investigating the breach, but also trying to verify the compromised data and the affected passengers.

Between a rock and hard place

The airline however hasn’t specified the number of customers whose details have been exfiltrated, as that aspect appears to be under investigation. 

Strangely, even though it has acknowledged losing “partial credit card” details, the company hasn’t yet offered subscriptions to identity fraud prevention services, which companies usually do in cases of ransomware gangs getting their hands on such sensitive PII.

According to ZDNet, Bangkok Airways’ statement came just when the LockBit ransomware gang announced that it had laid its hands on 103 GB of compressed data from the campaign against the airline. 

Originally the group had threatened to release the data on August 30 if its ransom demands weren’t met. However, there aren’t reports of the data being disclosed publicly, which probably means that the two parties are at the negotiating table. 

Quentin Rhoads-Herrera, Director of Professional Services at Managed Detection and Response (MDR) services provider, CriticalStart believes the airline is in a tight spot. Irrespective of whether it decides to pay the ransom or risk damaging its reputation, the company has to muddle through the murky waters of disclosure compliance.

“It is up to Bangkok Airways to notify the customers impacted which might cause complications due to customers residing in several different countries. Adding on top of that the different regulatory bodies like GDPR might require responses from the airways further adding complexity,” suggests Rhoads-Herrera.

Via ZDNet

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Representational image of data security
Travel data of almost 500,000 users exposed in Daytrip leak
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
Password
Millions of airline customers possibly affected by OAuth security flaw
How to prevent cyberattacks
NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
A person&#039;s fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Blood donation firm reveals donor personal data stolen in cyberattack
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does