LockBit Ransomware Gang Takes Credit, Threatens to Release Data
Bangkok Airways issued an apology late last week for a data breach that apparently compromised the personally identifiable information for an unstated number of its passengers. The LockBit ransomware gang claimed credit for the attack.
See Also: Top 50 Security Threats
The airline said in its statement it was “deeply sorry” for the incident. The initial intrusion took place on Aug. 23, and so far, the investigation has found the attackers may have accessed some personal data.
The company said the information included: passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information and special meal information.
“The incident did not affect the company’s operational or aeronautical security systems. The company is investigating, as a matter of urgency, to verify the compromised data and the affected passengers as well as taking relevant measures to strengthen its IT system,” Bangkok Airways said.
The company warned its passengers to be wary of any emails or phone calls claiming to be from the airline as these may be phishing attempts using the stolen data.
Lockbit Takes Credit
The LockBit ransomware gang claimed responsibility for the attack, saying it had taken 200GB of data from the airline and would post a portion of the data online Monday if its demands were not met, according to a tweet from the darknet threat intelligence firm DarkTracer.
[ALERT] LockBit ransomware gang has announced Bangkok Airways on the victim list. It announced that 103GB of compressed files will be released. pic.twitter.com/LT2C0Eixxn
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) August 25, 2021
Neither DarkTracer, LockBit nor Bangkok Airways offered details on the ransom demanded.
Bangkok Airways did not say how long the intruder had been inside its network nor how many people or records were involved. According to the research firm Statista, Bangkok Airways handled 5.8 million passengers in 2019, the last year for which data was available.
Recent Public Apologies
The apology from Bangkok Airways executives came after T-Mobile CEO Mike Sievert on Friday issued an official mea culpa for the data breach that exposed information on 54 million of the company’s customers and prospects. Sievert also offered a sketchy update on the results of an investigation.
In his 1,200-word statement, the CEO says: “To say we are disappointed and frustrated that this happened is an understatement. Keeping our customers’ data safe is a responsibility we take incredibly seriously, and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful.”