{
	"id": "2da04c2d-f24b-40e2-9a81-f5da36346249",
	"created_at": "2026-04-06T00:08:31.976476Z",
	"updated_at": "2026-04-10T13:13:06.601361Z",
	"deleted_at": null,
	"sha1_hash": "f546bec2461a407b15ee56e5122678b11a61ec9b",
	"title": "Bangkok Air confirms passenger PII leak after ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 140874,
	"plain_text": "Bangkok Air confirms passenger PII leak after ransomware attack\r\nBy Catalin Cimpanu\r\nPublished: 2023-01-18 · Archived: 2026-04-05 23:00:35 UTC\r\nBangkok Airways, the second oldest and the third biggest airline company in Thailand, has admitted last week that\r\nhackers stole passenger information during a security breach following a ransomware attack.\r\nThe airline confirmed the breach in a press release last Thursday, a day after a ransomware gang known as\r\nLockBit posted a message on its dark web portal threatening the company to leak data if it didn't pay a hefty\r\nransom demand.\r\nThe LockBit gang gave the airline five days to pay the ransom but published the entire 200+ GB of stolen data on\r\nSaturday after it became clear that Bangkok Air was not interested in negotiations and decided to disclose the\r\nbreach on its own terms.\r\nWhile most of the stolen information appears to be business-related documents, the Thai airline said the hackers\r\nalso managed to steal files that contained personally identifiable data for some of its passengers.\r\nThe airline cited an ongoing investigation and couldn't say how many passengers were impacted.\r\nPer the airline, some of the personal data that may have been included in the stolen files included data fields such\r\nas passenger name, family name, nationality, gender, phone number, email, address, contact information, passport\r\ninformation, historical travel information, partial credit card information, and special meal information.\r\nBangkok Airways said it notified local law enforcement of the breach and is now warning customers that some of\r\nthe stolen data might be weaponized against them through unsolicited calls or emails.\r\nhttps://therecord.media/bangkok-air-confirms-passenger-pii-leak-after-ransomware-attack/\r\nPage 1 of 3\n\nThe airline said the attackers might even try to pass as its employee and contact passengers to inquire or request\r\nabout financial or card-related data.\r\n\"The company (Bangkok Airways) will not be contacting any customers asking for credit card details and any\r\nsuch requests,\" the airline warned. \"In case of such event occurs, passengers should take legal actions.\"\r\nLockBit, the ransomware gang behind the Bangkok Air intrusion, is one of today's busiest ransomware operations\r\nafter rival gangs such as REvil, DarkSide, and Avaddon called it quits this summer.\r\nEarlier this month, the Australian Cyber Security Centre warned about an increase of attacks from this gang\r\ntargeting Australian companies. Security firms like Palo Alto Networks, Trend Micro, and Symantec also\r\npublished reports on this gang after seeing a surge in activity from its operators.\r\nCatalin Cimpanu\r\nis a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nhttps://therecord.media/bangkok-air-confirms-passenger-pii-leak-after-ransomware-attack/\r\nPage 2 of 3\n\nSource: https://therecord.media/bangkok-air-confirms-passenger-pii-leak-after-ransomware-attack/\r\nhttps://therecord.media/bangkok-air-confirms-passenger-pii-leak-after-ransomware-attack/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/bangkok-air-confirms-passenger-pii-leak-after-ransomware-attack/"
	],
	"report_names": [
		"bangkok-air-confirms-passenger-pii-leak-after-ransomware-attack"
	],
	"threat_actors": [
		{
			"id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5",
			"created_at": "2022-10-25T16:07:23.797925Z",
			"updated_at": "2026-04-10T02:00:04.752608Z",
			"deleted_at": null,
			"main_name": "LockBit Gang",
			"aliases": [
				"Bitwise Spider",
				"Operation Cronos"
			],
			"source_name": "ETDA:LockBit Gang",
			"tools": [
				"3AM",
				"ABCD Ransomware",
				"CrackMapExec",
				"EmPyre",
				"EmpireProject",
				"LockBit",
				"LockBit Black",
				"Mimikatz",
				"PowerShell Empire",
				"PsExec",
				"Syrphid"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434111,
	"ts_updated_at": 1775826786,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f546bec2461a407b15ee56e5122678b11a61ec9b.pdf",
		"text": "https://archive.orkl.eu/f546bec2461a407b15ee56e5122678b11a61ec9b.txt",
		"img": "https://archive.orkl.eu/f546bec2461a407b15ee56e5122678b11a61ec9b.jpg"
	}
}