Thailand’s third-largest airline, Bangkok Airways, admitted that LockBit ransomware attacked the airline’s servers, and the attackers managed to steal passenger information.
An official press release on the incident was issued the day after the hack group LockBit posted a hack message on its darknet site and threatened to release data stolen from the airline if it did not pay the ransom.The five days that the attackers gave Bangkok Airways to pay the ransom had already expired, so the hackers released more than 200 GB of stolen data (Bangkok Air was clearly not interested in the negotiations).
Most of the stolen information appears to be related to the airline’s business records, but the airline said the hackers were able to steal files containing the personal data of some passengers. How many people were affected by this leak is not yet clear, as the investigation of the incident is still ongoing.
According to Bangkok Airways, the following data could have fallen into the hands of hackers: passenger name, surname, nationality, gender, phone number, email address, address, contact information, passport information, travel history information, partial bank card information, special nutrition. It is emphasized that operational and aviation security systems were not affected.
The airline has already notified local law enforcement of the incident and is now warning customers that the stolen data could be used against them by fraudsters.
Let me remind you that once Maze, LockBit, and Ragnar Locker ransomware operators joined forces in Maze Cartel, and now, as we can see, only LockBit is engaged in criminal activity.