British Airways Data Breach

The chief executive of British Airways has apologised for what he has called a very sophisticated breach of the firm's security systems. Alex Cruz told the BBC that hackers carried out a "sophisticated, malicious criminal attack" on its website.

The airline said personal and financial details of customers making bookings had been compromised. About 380,000 transactions were affected, but the stolen data did not include travel or passport details.

Breach 'resolved'
BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September.

"The breach has been resolved and our website is working normally," BA said in a statement.

"We have notified the police and relevant authorities. We take the protection of our customers' data very seriously."

BA said all customers affected by the breach had been contacted on Thursday night. The breach only affects those people who bought tickets during the timeframe provided by BA, and not on other occasions. Mr Cruz added: "At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data."

The airline has taken out adverts apologising for the breach in recent newspapers.

What Data was Stolen?
BA says hackers stole names, email addresses and credit card information: the card number, expiration date and the three-digit code on the back of the card.

What could the Hackers do with the data?
Once fraudsters have your personal information, they may be able to access your bank account, or open new accounts in your name, or use your details to make fraudulent purchases. They could also sell on your details to other crooks.

What do I need to do?
If you've been affected, you should change your online passwords. Then monitor your bank and credit card accounts, keeping an eye out for any dodgy transactions. Also be very wary of any emails or calls asking for more information to help deal with the data breach: crooks often pose as police or banks or, in this instance, they could pretend to be from BA.

Will my booking be affected?
BA says none of the bookings have been hit by the breach. It said it has contacted all those affected to alert them to the problem with their data, but booked flights should go ahead.

Will there be compensation for me?
If you suffer any financial loss or hardship, the airline has promised to compensate you.

Investigations

Mr Cruz said that BA has a network of partners that monitor websites around the world. The cyber-attack was first discovered on the evening of Wednesday, 5 September, when a partner alerted the airline, which began investigating overnight to identify just how serious the attack was.

"The moment that actual customer data had been compromised, that's when we began immediate communication to our customers."

Under the newly enforced rules on protecting customer data, BA could face potentially significant fines from the Information Commissioner's Office, which is looking into the breach.

The National Crime Agency and National Cyber Security Centre confirmed they were assessing the incident. Shares in BA owner IAG fell by 2.5% in early trade on Friday 7th Sept.

BBC
