Bangkok Airways confirmed that it had been attacked shortly after the LockBit ransomware gang posted a message on its leak site claiming the breach and threatening to publish the stolen data unless the ransom was paid.
LockBit is a ransomware-as-a-service operation that started out in September 2019. Its 2.0 version emerged earlier this year and has been used in at least 70 attacks since June this year.
LockBit previously managed to breach Accenture and demanded a $50 million payment to stop the leak of an alleged 6TB of stolen data.
What Data Was Leaked?
Bangkok Airways disclosed the attack on August 23rd.
Since then, the company has taken measures to contain the incident and has started an investigation to check what data had been compromised.
It seems that the attack did not impact Bangkok Airways’ operational or aeronautical security systems, but unfortunately, the attackers could have accessed personal data belonging to passengers.
According to BleepingComputer, the data leaked during the attack included full names, nationality, gender, phone numbers, email and physical addresses, passport info, historical travel data, partial credit card info, and special meal details.
The threat actor said that the Accenture breach gave them access to credentials that could enable them to go after the company's customers.
Previously, Accenture told BleepingComputer that the impacted systems had been recovered from a backup:
Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back-up. There was no impact on Accenture’s operations, or on our clients’ systems.
BleepingComputer got in touch with Accenture, which sent a statement dismissing the claims made by LockBit:
We have completed a thorough forensic review of documents on the attacked Accenture systems. This [LockBit’s] claim is false. As we have stated, there was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat actor, we isolated the affected servers.