Bangkok Airways data breach

[khunPer]

If you have a Bangkok Airways frequent flyer account, or other data stored with Bangkok Airways, you might be interested in this...

 

Dear Valued Customer,

On 23 August 2021, we have discovered that we had been a victim of cybersecurity attack which resulted in unauthorized and unlawful access to our information system.

 

Upon such discovery, we immediately took action to investigate and contain such event, with the assistance of a leading cybersecurity firm. Currently, we are investigating, as a matter of urgency, to verify the compromised data and the affected passengers as well as taking relevant measures to strengthen our IT system.

 

We write to inform you now out of the greatest caution that this incident has exposed some of your personal data in our possession to be compromised by the attacker. From our investigation, the personal data that has been accessed are passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information. Please be assured that such incident does not affect the aviation security and we are still open for business as usual.

 

This incident has been reported to the Thai police and the relevant authorities. We will continue to update you about the progress on this incident as well as information on steps and proper measures you may take to protect yourself against such exposure.

 

As a preliminary protection measures, we recommend you contact your bank or credit card provider and follow their advice and change any compromised passwords as soon as you can. We also would like to caution you to be aware of any suspicious and unsolicited calls and/or emails, as the attacker may be claiming to be Bangkok Airways and attempt to gather your personal data by deception (known as 'phishing'). We will not be contacting any customers asking for credit card details and/or any financial details and any such requests should be reported to the police and relevant authorities.

 

We regret this incident has occurred and want to reassure you that our commitment to security and privacy of your personal data remains paramount. For further correspondence on this matter, please contact us via the following channels;

 • Toll-free number 1800-010-171 (within Thailand) during 08.00hrs – 17.30hrs
 • Toll number 800-8100-6688 (Overseas) during 08.00hrs – 17.30hrs (Thailand Time GMT+7)
 • Email: [email protected]

 

Sincerely yours,
Bangkok Airways PCL.

 

 

[KannikaP]

12 minutes ago, khunPer said:

and special meal information.

5hit, now they'll know I am a vegan!   555

[khunPer]

3 minutes ago, KannikaP said:

5hit, now they'll know I am a vegan!   555

I wouldn't worry about meal preferences, if I was you, Bangkok Air will still know that you are vegan, and so will a lot others after buying the leaked data, and now everybody after you posted in ASEAN NOW...????

 

By the way, it's not the first time that some kind of data have been stolen from Bangkok Air, but I didn't see it in the news last time, or got an email from the airline. It'a a number of years ago, and I got several emails from others using my special Bangkok Air email address - i.e. [email protected] - the senders kindly told me that my mailserver had been hacked and encrypted, and I should pay them some money to reopen it.

 

I of course changed my email address in Frequent Flyer and informed Bangkok Air about the breach, but I never heard anything back. Just for reference I kept the "bkkair"-alias open and emails continue to arrive, the last only a few weeks ago, but now they want cyber-money - ,i.e. Bitcoins or Etherum - to reopen the encryption of my so-called "email server" on "bkkair@...". I of course never paid anything, but wonders how I can continue to receive emails when the mail-server is hacked and encrypted...????

[Tropicalevo]

1 hour ago, KannikaP said:

5hit, now they'll know I am a vegan!   555

And they will think that I am a vegetarian.

I'm not - it just gets a meal to me more quickly. Special meals first.  ????

[Tropicalevo]

Yes - it has happened before. About 15 years ago.

Wifey used her credit card at BA to buy a ticket and two days later items were being purchased in New York.

Credit card company took the hit.

The credit card was only used for booking airline flights. Cash for everything else. No online shopping back then.

[KannikaP]

1 hour ago, khunPer said:

I wouldn't worry about meal preferences, if I was you, Bangkok Air will still know that you are vegan, and so will a lot others after buying the leaked data, and now everybody after you posted in ASEAN NOW...

It was posted as a joke with 555 after it. I never flew Bangkok Air before.

[Tmoney]

1 hour ago, Tropicalevo said:

Yes - it has happened before. About 15 years ago.

Wifey used her credit card at BA to buy a ticket and two days later items were being purchased in New York.

Credit card company took the hit.

The credit card was only used for booking airline flights. Cash for everything else. No online shopping back then.

I wrote to B.A. expressing my concerns specifically regarding illegal access to my credit card information.

This was their reply:

 

"Our ticket distribution systems including purchase of tickets on website (E-commerce) and flight operations related systems are separate from our IT system. They are not impacted by this incident and are fully functioning. Credit card purchase transactions are secured as they are processed by the payment service providers who are licensed by Bank of Thailand through their own systems. We will retain only the last 4 digits of the card number.

 

Please be aware of unexpected request or suspicious offer from impersonating people and may be claiming to be Bangkok Airways  

Our airline will not be contacting any customers asking for personal data, credit card details or any financial transactions.  

 

In case of such event occurs, kindly inform us at [email protected].  

 

We regret this incident has occurred and want to reassure you that our commitment to security and privacy of your personal data remains paramount."

 

[khunPer]

2 hours ago, KannikaP said:

It was posted as a joke with 555 after it. I never flew Bangkok Air before.

What a pity, especially as everybody following ASEAN NOW now considers you as a veggie...????

[KannikaP]

7 minutes ago, khunPer said:

What a pity, especially as everybody following ASEAN NOW now considers you as a veggie...????

I had better get down to KFC to try their new fare then.   555

I did buy three packs of Makro's non meat mince.

I don't know what to do with the other two of them, even the dog refused to eat it.

Edited August 30, 2021 by KannikaP

[starfish]

"And as we, Bangkok Airways, know, that many of you will suffer losses in various shapes and forms, because of our incompetence in internet security, hereby declare, that we will reimburse you all costs, and damage done to your life, which we brought on to you".

Not.

Whenever something like this happens, we can consider ourselfs lucky to even get an official notice (sometimes even years after the incident)

If Farcebook, or other big company gets hacked, all we ever get is: "We´re sorry, it won´t happen again" (well, until it does).

Can i buy me something with "We´re sorry"?

If i harm somebody by negligence, i´ll probably go to prison, but there are never any real consequences for the big companies (as if it´s all just "force majeure"), and we´re stuck with the damage.

 

Edited September 1, 2021 by starfish