Bangkok / 26 August 2021 - On 23 August 2021, Bangkok Airways Public Company Limited discovered that the company had been a victim of cybersecurity attack which resulted in unauthorized and unlawful access to its information system.
Upon such discovery, the company immediately took action to investigate and contain the event, with the assistance of a cybersecurity team. Currently, the company is investigating, as a matter of urgency, to verify the compromised data and the affected passengers as well as taking relevant measures to strengthen its IT system.
An initial investigation of the incident appeared to confirm that some of the personal data may have been accessed which are, passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information. The company however, confirms that the incident did not affect the company’s operational or aeronautical security systems.
This incident has been reported to the Royal Thai police as well as providing notification to the relevant authorities. For primary prevention measures, the company highly recommends passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible.
In addition to that, the company would like to caution passengers to be aware of any suspicious or unsolicited calls and/or emails, as the attacker may be claiming to be Bangkok Airways and attempt to gather personal data by deception (known as 'phishing'). The company (Bangkok Airways) will not be contacting any customers asking for credit card details and any such requests. In case of such event occurs, passengers should take legal actions.
Passengers, who are affected from any such event, can contact the company via the following channels;
Bangkok Airways Public Company Limited takes the protection of passenger’s data very seriously and the airline is deeply sorry for the worry and inconvenience that this malicious incident has caused.