Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

LockBit Gang Leaks Bangkok Airways Data, Hits Accenture Customers

LockBit Gang Leaks Bangkok Airways Data, Hits Accenture Customers

Bangkok Airways, a major airline company in Thailand, confirmed it was the victim of a cyberattack earlier this month that compromised personal data of passengers.

The announcement came after the LockBit ransomware gang had posted a message on their leak site claiming the breach and threatening to publish stolen data unless the ransom was paid.

LockBit is the same hacker group that breached Accenture global IT consultancy giant and demanded a $50 million payment to stop the leak of allegedly 6TB of stolen data.

Following the attack, the threat actor said that they had collected sufficient data to breach some Accenture clients.

Passenger data leaked

On Saturday, LockBit ransomware leaked more than 200GB of data belonging to the Thai company, suggesting that the security of its system was in dissonance with the airline’s claims to protect its customers’ privacy.

LockBit leaks over 200GB of data stolen from Bangkok Airways
source: BleepingComputer

The airline discovered the attack on August 23 and took steps to contain the incident. An investigation also started, to check what data had been compromised.

While the attack did not impact Bangkok Airways’ operational or aeronautical security systems, the airline said that the hackers may have accessed personal data belonging to passengers.

The details exposed during the attack include full names, nationality, gender, phone numbers, email and physical addresses, passport info, historical travel data, partial credit card info, and special meal details.

Bangkok Airways warns its customers that the attackers may try to impersonate a company representative in unsolicited calls or emails to collect more personal data or credit card information.

Also Read: What A Vulnerability Assessment Shows And How it Can Save You Money

Focus on Accenture customers

Before hitting Bangkok Airways, the LockBit ransomware gang encrypted the systems of another airline company, Ethiopian, and announced on August 23 the publishing of stolen data.

LockBit leaks data stolen from Ethiopian Airlines
source: BleepingComputer

Both these attacks happened after the hackers compromised the systems of Accenture, allegedly with the help of an insider.

In a conversation with BleepingComputer, the threat actor said that the Accenture breach gave them access to credentials that would enable them to go after company customers.

Although the hackers declined to name a victim, they claimed to have compromised an airport that was using Accenture software and encrypted its systems.

LockBit ransomware-as-a-service (RaaS) operation has been around since September 2019 but version 2.0 of the malware has emerged earlier this year, in June.

The latest update of the malware has been used in at least 70 attacks against organizations all over the world, a clear sign of this RaaS operation’s increased activity.

Also Read: What You Need To Know About Singapore’s Data Sharing Arrangements

Update [September 1, 2021, 14:28 EST]: Following the publishing of this article, Accenture sent a statement to BleepingComputer dismissing LockBit’s claims:

“We have completed a thorough forensic review of documents on the attacked Accenture systems. This [LockBit’s] claim is false. As we have stated, there was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat actor, we isolated the affected servers” – Accenture



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us