Dear Valued Customer,

On 23 August 2021, we have discovered that we had been a victim of cybersecurity attack which resulted in unauthorized and unlawful access to our information system.

Upon such discovery, we immediately took action to investigate and contain such event, with the assistance of a leading cybersecurity firm. Currently, we are investigating, as a matter of urgency, to verify the compromised data and the affected passengers as well as taking relevant measures to strengthen our IT system.

We write to inform you now out of the greatest caution that this incident has exposed some of your personal data in our possession to be compromised by the attacker. From our investigation, the personal data that has been accessed are passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information. Please be assured that such incident does not affect the aviation security and we are still open for business as usual.

This incident has been reported to the Thai police and the relevant authorities. We will continue to update you about the progress on this incident as well as information on steps and proper measures you may take to protect yourself against such exposure.

As a preliminary protection measures, we recommend you contact your bank or credit card provider and follow their advice and change any compromised passwords as soon as you can. We also would like to caution you to be aware of any suspicious and unsolicited calls and/or emails, as the attacker may be claiming to be Bangkok Airways and attempt to gather your personal data by deception (known as 'phishing'). We will not be contacting any customers asking for credit card details and/or any financial details and any such requests should be reported to the police and relevant authorities.

We regret this incident has occurred and want to reassure you that our commitment to security and privacy of your personal data remains paramount. For further correspondence on this matter, please contact us via the following channels;

• Toll-free number 1800-010-171 (within Thailand) during 08.00hrs – 17.30hrs
• Toll number 800-8100-6688 (Overseas) during 08.00hrs – 17.30hrs (Thailand Time GMT+7)
• Email: [email protected]

Sincerely yours,
Bangkok Airways PCL.

The airline said, “An initial investigation of the incident appeared to confirm that some of the personal data may have been accessed which are, passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information.”

Bangkok Airways reported the incident to the Royal Thai Police and continues to investigate the extent of the breach with a cybersecurity partner. A cybercriminal gang using LockBit ransomware has claimed responsibility for the attack. The gang issued a deadline (30th August), claiming it will release 103GB of compressed information if a ransom is not paid.

Bangkok Airways has clarified that the attack ‘did not affect the company’s operational or aeronautical security systems.’ The airline also said it is taking relevant measures to strengthen its IT systems.

Kammekor wrote: ↑Thu Sep 02, 2021 1:13 pm Where did Bangkok Airways claim the data was encrypted?