Rejsebureauer med IATA-akkreditering er formentlig allerede klar over det, men for en god ordens skyld informerer vi hermed om, at at IATAs underleverandør af billet-betalingssystemet ”BSP”, er ramt af et ransomware-angreb.
Angrebet har betydet, at det siden 3. august 2022 ikke har været muligt at få adgang til den nye version af BSP. Den gamle udgave af BSP kan fortsat anvendes, om end der er indikationer på at det i kortere perioder også er ude af drift.
IATA er i gang med at udrede problemet, men kan ikke sige noget om, hvor længe det kommer til at vare og hvilke data, der eventuelt er lækket.
Læs hele IATAs meddelelse her, hvor du også finder link til kundeservice mm.:
Please be advised that one of our suppliers, Accelya, who host the BSPLink on our behalf, has been the subject of a ransomware attack. Please find attached a formal notification from IATA to you in relation to this security incident and which provides further information that we are aware of at this time.
We are working with Accelya to ascertain further details and information and will be in contact as further information becomes available.
We are writing to inform you that we have become aware of a ransomware (AlphV Blackcat) attack which has affected our service provider Accelya (data processing centre based in Madrid) (https://w3.accelya.com/about-us/). The attack on Accelya has affected the operation of our new BSPLink and as such Accelya reverted to the classic BSPLink to ensure continued operations of the system.
At this point in time, it’s unclear exactly what BSP data or if any replicated data used by Accelya in its own solution(s) has been compromised or leaked because of the security incident. We are therefore currently unable to confirm what (if any) categories of personal data and approximate number and records of data have been affected.
Further details of the incident
Regrettably the information we have been provided by Accelya has been extremely limited, notwithstanding attempts to press them for further details.
We understand that on 3 August 2022 Accelya identified that they were the subject of a ransomware attack. Accelya informed us on 5 August 2022 of service delivery difficulties, and that these were due to the ransomware attack that had occurred on the 3 August 2022 and advised us on the 16 August 2022 the nature and identity of the ransomware. We understand that the attack has affected the primary and separate backup for the new BSPLink that Accelya operates.
At this time Accelya have said they cannot confirm whether personal data processed for you within the BSP systems has been directly impacted within the attack, and they are estimating it will take them at least 2-3 weeks to confirm the position. They have engaged a third-party forensic investigation firm to assist them.