[Security Weekly] LockBit Ransomware Leaks Customer Data Stolen From Bangkok Airways

September 2021, Issue I


1. LockBit ransomware leaks customer data stolen from Bangkok Airways

Bangkok Airways, one of Thailand’s major airlines, disclosed a ransomware attack that compromised the personal and passport information of its customers. The LockBit ransomware gang claimed responsibility for the attack and published more than 200 GB of files on its leak site on August 28.

The leaked data contained contact information (names, addresses, phone numbers, emails), passport information (genders, nationalities, passport numbers, travel history), as well as partial payment card information. The LockBit gang’s initial deadline for making the ransom payment was August 30, yet the data were released two days before that deadline.

Bangkok Airways said that its OT systems were not affected by the attack, and advised all customers to watch out for phishing attacks.

The LockBit gang successfully attacked global consulting firm Accenture in early August, which appeared to have caused a series of downstream attacks. Apart from Bangkok Airways, LockBit also claimed to have compromised Ethiopian Airlines and an airport.

Sources: Threatpost, Bleeping Computer


2. Indonesia’s COVID-19 tracing app leaks personal data of 1.4 million users

Indonesia’s electronic Health Alert Card (eHAC) mobile app was found to lack basic security measures as researchers at vpnMentor discovered 1.4 million unencrypted user records on an open Elasticsearch database. eHAC records and tracks COVID-19 testing results and medical conditions of all those flying into Indonesia, regardless of citizenship.

The exposed data contained personal and contact information, passport information, COVID-19 testing results, and medical status. The Residential Identification Numbers (NIK) of some users were also included. Furthermore, the leaked data contained the information of medical staff from 226 hospitals across the country who used the app to contact patients.

Indonesian health officials did not respond to the issue directly, but asked all users of eHAC to update to a newer version. As more and more countries adopt contact tracing apps and vaccine passports, sufficient data security measures must be implemented to avoid mass-scale data breaches.

Sources: ZDNet, The Register


3. Over 600,000 Illinois patient records leaked following cyberattack

DuPage Medical Group (DMG), the largest independent group of physicians in the State of Illinois, disclosed a data breach of over 600,000 patient records as a result of a cyberattack in July.

Leaked patient data included names, dates of birth, addresses, diagnosis codes, and medical history containing dates and procedures. The Social Security numbers (SSNs) of some patients may also have been compromised.

After over a month of investigations, DMG concluded that the hackers gained access to its IT systems between July 12 and 13. It is now contacting all victims individually, promising to offer free credit monitoring services.

Sources: Infosecurity

