Hackers have carried out their threats. Since May 16, Voyageurs du monde was threatened by the Lockbite 3.0 group. These web buccaneers had stormed the tour operator's computer system and had managed to get their hands on a real digital treasure. Several tens of thousands of confidential data, including copies of the passports of the travel agency's customers. Travelers of the world having refused to deliver the ransom demanded, the cyberhackers published on May 30 nearly 7000,<> copies of passports on the dark web. A preliminary investigation was opened the same day, says the Paris prosecutor's office to Le Figaro, confirming information from France Info.
Contacted, Lionel Habasque, CEO of Voyageurs du Monde, explains that "from May 16, the agency refused to play the game of pirates. We did not follow up on their ransom demand." "A week after the attack, they reiterated their demands. And to put pressure on us, they then published some examples of passports," he adds. In the absence of a response, the forbans posted "nearly 7000,2 copies of customer passports" on the dark web. Fortunately, these leaks would be almost harmless. No banking data has been put online, "the agency does not have this kind of sensitive data whose processing is outsourced". In addition, "thanksto biometric passports, we can not do anything with a simple photo of an identity document," reassures Lionel Habasque. The passports published are those of customers who have travelled via the social and economic committee (CSE) of their company, or through associations. "This clientele represents only <>% of our activity," minimizes the director general of Voyageurs du Monde. The tour operator's customers were kept informed "regularly and transparently".
See alsoInternet piracy: 166 sites blocked since the end of 2022 according to Arcom
Voyageurs du Monde filed a complaint and referred the matter to the CNIL, the digital policeman. The preliminary investigation opened was entrusted to the General Directorate of the National Gendarmerie (DGGN), in joint consultation with the Central Office for the Fight against Cybercrime (OCLCTIC) of the judicial police. The investigations relate to several charges, including fraudulent introduction and maintenance in an automated data processing system, extortion in an organized gang or criminal association.