Is Anyone Else Spending a Great Deal of Time Recovering from the Bangkok Air Data Breach?

[NancyL]

I haven't seen much discussion on this forum about the aftermath of the Bangkok Airways data breach back in July, except some people reporting unauthorized charges on a credit/debit card they used to pay for a flight in June/July and the need to cancel that card.

 

And, of course, there were the usual keyboard wits who joked about "oh, no, now the hackers know my meal preferences!"  

 

Is anyone experiencing any fallout or lost any money?

 

I'm sure spending much time getting over the fallout.  When we had five unauthorized charges, all within two days, for the same amount, from an online seller of vitamins and nutritional supplements -- a company we've never dealt with -- our credit card company reversed the charges and cancelled the card.  So, we were without the card for a couple of weeks, waiting for the new one.

 

Meanwhile, Hubby and I were left with our Amex cards, which are of limited value in many places, but fortunately we had a good balance in our Bangkok Bank account and cash works well in Thailand.  

 

However, that Visa card was used for various online subscription services, automatic payments, etc.  It really was our lifeblood.

 

So far, I'd estimate I've spent about 30 hours getting our life up and running again after the data breach.

 

Has anyone contacted Bangkok Air about this?  It would seem the least they could do is give us a couple of free round trips from Chiang Mai to Bangkok.

[mtls2005]

No unauthorized charges to sort out but did spend a few minutes with Krungsri, stopping the card (used for PG tickets) and getting a new one issued. New card promised in four days, was delivered in three days. Bullet dodged.

 

 

[new2here]

I feel your pain- i’ve had to go through this before (albeit not while “overseas” which makes the process harder, slower and potentially more expensive too)

 

My guess here is that until a clearer picture as to exactly how many people have proven “damages” (ie actually had fraudulent charges and etc) and the amount of scope of said damages, there probably won’t be any real movement on the “compensation” issue. IF it turns out to be a decent number of proven victims, then I might see some kind of blanket compensatory act made.. but I don’t think they will act on a case-by-case basis, unless it’s a very small number of total cases outstanding.

 

I agree that some kind of gesture would be nice — and realizing that if they were to give you X baht in travel credit- that credits’ actual “cost” to the airline is far far less than an equivalent face value, but paid in “cash”… so it might be more palatable to the carrier to offer up. 

[JBChiangRai]

I wrote to them and asked if passwords were compromised.  I got a generic reply which didn't answer the question.

 

I wrote again and asked the same thing and also asked if passwords were stored encrypted or unencrypted, no reply.

 

Passwords were not in the list of data items breached but the advice given was to change passwords.  Storing passwords unencrypted is an absolute no no.

[QballQ]

Quite useful for them that PDPA wasn't implemented then.

[bigupandchill]

Bangkok Airways are owned by the same people that own the Bangkok Hospitals group. In my area at least this hospital is well known for taking advantage of sick people for their own financial gain. Good luck with getting any compensation.

[Caldera]

I'm sure they could be found in breach of several rules in a Western country and be orderedto pay compensationfor gross neglect. In Thailand, however, I'd guess the "we are sorry" email was the full extent of their "compensation" for affected customers. Needless to say, that's bad.

[Tropposurfer]

Stopped card, ordered new card, all sorted. 

[Jenkins9039]

22 hours ago, NancyL said:

Has anyone contacted Bangkok Air about this?  It would seem the least they could do is give us a couple of free round trips from Chiang Mai to Bangkok.

Wife paid for a train journey in Germany even though we are in Thailand.

 

Apart from that, no, bank issued her a new card. 

 

With mine, i always disable and enable it so as to use when required, but did have a tonne of google play store charges going through it for a few months before i bothered to turn on the security feature.

 

[NancyL]

Oh yeah, that reminds me, in talking with the nice lady that our Michigan credit union yesterday evening she reminded me to disable the old card on Google Play even though it is no longer active.  I'm not really certain why.  Initially, they thought that was the source of the data breach -- I guess it happens all the time, but I'm sure now it was Bangkok Airways.  The timing was exactly right.

[cmarshall]

1 hour ago, NancyL said:

Oh yeah, that reminds me, in talking with the nice lady that our Michigan credit union yesterday evening she reminded me to disable the old card on Google Play even though it is no longer active.  I'm not really certain why.  Initially, they thought that was the source of the data breach -- I guess it happens all the time, but I'm sure now it was Bangkok Airways.  The timing was exactly right.

I recommend that you get a Capital One Mastercard World Elite.  I was able to get one of these even after moving to Bangkok, but that was a few years ago, so I can't say how welcoming they are to expats at the moment.  The big advantage of the CapOne cards is their Eno feature, which allows you to setup virtual cards each of which is restricted to a certain vendor.  Your real credit card number remains hidden.  You can lock a virtual card online at any time or delete it blocking further charges.

 

I saw the need for this feature when a family member's Amazon account got hacked.  The hacker changed the email address without which the Amazon CSR refused to give him access to his own account.  So, we had to cancel his card and get a new one sent in the mail.  Now I use CapOne's virtual cards everywhere I can to avoid getting stuck in that trap.  There is a browser add-in that facilitates assigning a new virtual card at checkout time.

[Heng]

Only use a card that allows you to freeze it temporarily/permanently (through an app) without calling someone in India (where so many call centers seem to be now).