The hackers followed through on their threats. Since May 16, World Travelers had been threatened by the Lockbite 3.0 group. These buccaneers of the web had stormed the computer system of the tour operator and had managed to get their hands on a real digital treasure. Several tens of thousands of confidential data, including in particular copies of the passports of the travel agency’s customers. World travelers having refused to deliver the demanded ransom, the cyberhackers published on May 30 nearly 7000 copies of passports on the dark web. A preliminary investigation was opened the same day, the Paris prosecutor’s office told Le Figaro, confirming information from France Info.
Contacted, Lionel Habasque, managing director of Voyageurs du Monde, explains that “as of May 16, the agency refused to play the game of pirates. We did not respond to their ransom demand. “A week after the attack, they reiterated their claims. And to put pressure on us, they then published some examples of passports,” he adds. In the absence of a response, the pirates published “nearly 7,000 copies of client passports” on the dark web. Fortunately, these leaks would be almost harmless. No banking data has been put online, “the agency does not have this kind of sensitive data whose processing is outsourced”. Moreover, “thanks to biometric passports, nothing can be done with a simple photo of an identity document”, reassures Lionel Habasque. The passports published are those of customers who have traveled via the social and economic committee (CSE) of their company, or through associations. “This clientele represents only 2% of our activity”, minimizes the general manager of Voyageurs du Monde. The tour operator’s customers were kept informed “regularly and transparently”.
Voyageurs du Monde filed a complaint and seized the CNIL, the digital policeman. The preliminary investigation opened was entrusted to the Directorate General of the National Gendarmerie (DGGN), in co-operation with the Central Office for the Fight against Cybercrime (OCLCTIC) of the judicial police. The investigations relate to several counts, including fraudulent introduction and maintenance in an automated data processing system, extortion in an organized gang or even association of criminals.
