JAKARTA - Bangkok Airways issued an apology last weekend for a data breach that appeared to compromise personally identifiable information for an undisclosed number of its passengers. The LockBit ransomware gang claimed to have carried out the attack.

The airline said in a statement it was "deeply sorry" for the incident. The initial intrusion occurred on August 23, and so far, investigations have found the attackers may have accessed some personal data.

The company said the information included: passenger name, surname, nationality, gender, phone number, email, address, contact information, passport information, travel history information, partial credit card information and special meal information.

"The incident did not affect the operations or the company's aviation security systems. The company is investigating, as a matter of urgency, to verify the compromised data and affected passengers and take relevant steps to strengthen its IT system," a Bangkok Airways source said. . .

The company warns its passengers to be on the lookout for emails or phone calls purporting to be from the airline as these may be phishing attempts using stolen data.

LockBit

The LockBit ransomware gang claimed responsibility for the attack, saying it had taken 200 GB of data from the airline and would post some of the data online Monday, August 30, if their demands are not met. This was reported from a tweet from the darknet threat intelligence firm DarkTracer.

Neither DarkTracer, LockBit nor Bangkok Airways provided details on the ransom requested.

Bangkok Airways did not say how long the intruder was on its network or how many people or records were involved. According to research firm Statista, Bangkok Airways handled 5.8 million passengers in 2019, the last year data was available.

The apology from Bangkok Airways executives came after T-Mobile CEO Mike Sievert on Friday issued an official action over the data breach that revealed information about the company's 54 million customers and prospects. Sievert also offered a cryptic update on the results of the investigation.

In his 1,200-word statement, the CEO said: "To say we are disappointed and frustrated that this has happened is an understatement. Keeping our customers' data safe is a responsibility we take very seriously, and preventing incidents of this type from happening always occurs. became our top priority. Unfortunately, this time we didn't make it.".


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)