[BreachExchange] Two Hong Kong travel agencies apologise as hackers demand payment for stolen customer data

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 5 14:04:55 EST 2018


The computers at two Hong Kong travel agencies were hacked this week, as
perpetrators held sensitive personal information ransom with one seeking a
payout in bitcoin.

The latest incidents involve the second and third travel agencies admitting
falling victims to this style of cyberattack in as many months.

On Wednesday, police received reports from the two agencies. Officers have
categorised the cases as blackmail.

A police insider said the hacking tactics of both cases were similar and
that the Cyber Security and Technology Crime Bureau was investigating if
they were linked.

Goldjoy, which has three branches, revealed on Thursday that unauthorised
parties accessed its customer database containing personal information such
as names and ID card numbers, passport details and phone numbers.

The company apologised to customers and said it was taking steps to tighten

Be vigilant, hackers never take a holiday

Meanwhile, Big Line Holiday revealed on Wednesday night that hackers might
have broken into its database a day before and gained possession of some of
its customers’ personal information.

The data is believed to include ID card numbers, home return permit numbers
and phone numbers.

In its statement, Big Line said: “Our company attaches great importance to
this incident and deeply apologises to the affected clients.”

Big Line, which has 13 branches and organises tours to mainland China and
Asia, said it received a letter from perpetrators demanding a sum of money
for the release of the information.

A police source familiar with the matter said a ransom of 1 bitcoin, worth
HK$114,000 (US$14,500), was demanded by the hackers.

The source added that police were no closer to knowing the exact kind of
customer data affected because it was locked by the perpetrators. The
breach did not mean hackers had stolen the data outright.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180105/e087bd66/attachment.html>

More information about the BreachExchange mailing list