Bangkok Airways Uncovers Cyber-attack on Customers’ Personal Data

[webfact]

 

By Woraprat Lerpaisal

   

BANGKOK (NNT) - Bangkok Airways says that it is investigating a cyber-attack, in which some customers’ personal data may have been compromised.

 

The carrier said the incident was first discovered on Aug 23rd. An initial investigation of the incident appeared to confirm that some personal data may have been accessed, adding that the breach did not affect the company’s operational or aeronautical security systems.

 

The airline said it is investigating, to verify the compromised data and affected passengers, as well as taking relevant measures to strengthen its IT system’s security.

 

Bangkok Airways is recommending that passengers contact their bank or credit card provider, follow their advice and change any compromised passwords as soon as possible. Passengers who believe they may have been affected can contact the company via the email on: [email protected].

 

-- © Copyright NNT 2021-08-30

 

- Whatever you're going through, the Samaritans are here for you

- Follow ASEAN NOW on LINE for breaking COVID-19 updates

[hotchilli]

Opppp's.

[ThailandRyan]

I received the email from Bangkok Airways on Saturday.  It was not good to hear.

[steven100]

Bangkok Airways '     we're ok,  but you have a problem ......   

 

' Bangkok Airways is recommending that passengers contact their bank or credit card provider. '

 

 ' adding that the breach did not affect the company’s operational or aeronautical security systems. '

[JBChiangRai]

I hope they fire the IT Director.  It's hard to believe in 2021 that customer data is not stored encrypted

[jacko45k]

Just now, JBChiangRai said:

I hope they fire the IT Director.  It's hard to believe in 2021 that customer data is not stored encrypted

It just keeps happening, be it large corporations (like Yahoo), or smaller outfits. 

[Rampant Rabbit]

And BKK airways  will accept  full  responsibility for any losses?

[KeeTua]

17 minutes ago, JBChiangRai said:

It's hard to believe in 2021 that customer data is not stored encrypted

Encryption doesn't matter once a hacker gains internal access to a network.

[KeeTua]

15 minutes ago, jacko45k said:

It just keeps happening, be it large corporations (like Yahoo), or smaller outfits. 

There's only two types of networks - the ones that know they have been hacked and the ones that don't yet know that they've been hacked.

[SoilSpoil]

My bank cancelled my credit card over a similar issue. Alsi a company located in Thailand. Took a month to have a new one sent to Thailand. Very annoying.

[JBChiangRai]

8 hours ago, KeeTua said:

Encryption doesn't matter once a hacker gains internal access to a network.

Not true. I used to own a software house before I sold up and retired.

 

A simple solution is you only store the customers username unencrypted and use his own password (which you don’t store unencrypted) as the encryption key for all other customer data. We used to do this in my SW house.

 

All a hacker can get is username and email address typically.