Bangkok Airways has apologized for a breach of data including passport information and other personal data of customers. The company said that it discovered a "cybersecurity attack which resulted in unauthorized and unlawful access to its information system" on August 23. The statement said the company is "deeply sorry for the worry and inconvenience that this malicious incident has caused."
Bangkok Airways did not respond to a request by the ZDNet website for comment regarding how many customers were affected or what timeframe the data came from. The company's statement said that an investigation had found that the data breach included names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, credit card information and special meal information for passengers of the airline.
The company said that it was still conducting an investigation and working to strengthen its IT system. The attackers were not able to affect the operational or aeronautical security systems of Bangkok Airways, and the Royal Thai Police had been notified of the incident, according to the statement.
"For primary prevention measures, the company highly recommends passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible," the company said. "In addition to that, the company would like to caution passengers to be aware of any suspicious or unsolicited calls and/or emails, as the attacker may be claiming to be Bangkok Airways and attempt to gather personal data by deception."
The announcement, which was released on Friday, coincided with a statement from the LockBit ransomware group that said it was planning to release 103 gigabytes of compressed files that it claimed were stolen from the airline.