British Airways Data Breach

Uploaded on 2018-09-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The chief executive of British Airways has apologised for what he has called a very sophisticated breach of the firm's security systems. Alex Cruz told the BBC that hackers carried out a "sophisticated, malicious criminal attack" on its website.

The airline said personal and financial details of customers making bookings had been compromised. About 380,000 transactions were affected, but the stolen data did not include travel or passport details.

Breach 'resolved'
BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September.

"The breach has been resolved and our website is working normally," BA said in a statement.

"We have notified the police and relevant authorities. We take the protection of our customers' data very seriously."

BA said all customers affected by the breach had been contacted on Thursday night. The breach only affects those people who bought tickets during the timeframe provided by BA, and not on other occasions. Mr Cruz added: "At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data."

The airline has taken out adverts apologising for the breach in recent newspapers.

What Data was Stolen?
BA says hackers stole names, email addresses and credit card information, that would be credit card number, expiration date and the three-digit code on the back of the credit card.

What could the Hackers do with the data?
Once fraudsters have your personal information, they may be able to access your bank account, or open new accounts in your name, or use your details to make fraudulent purchases. They could also sell on your details to other crooks.
 

What do I need to do?
If you've been affected, you should change your online passwords. Then monitor your bank and credit card accounts keeping an eye out for any dodgy transactions. Also be very wary of any emails or calls asking for more information to help deal with the data breach: crooks often pose as police, banks or, in this instance they could pretend to be from BA.
 

Will my booking be affected?
BA says none of the bookings have been hit by the breach. It said it has contacted all those affected to alert them to the problem with their data, but booked flights should go ahead.
 

Will there be compensation for me?
If you suffer any financial loss or hardship, the airline has promised to compensate you.
Investigations

Mr Cruz said that BA has a network of partners that monitor websites around the world. The cyber-attack was first discovered on the evening of Wednesday, 5 September, when a partner alerted the airline, which began investigating overnight to identify just how serious the attack was.

"The moment that actual customer data had been compromised, that's when we began immediate communication to our customers."

Under the newly enforced rules on protecting customer data  BA could face potentially significant fines from the Information Commissioner's Office, which is looking into the breach. 

The National Crime Agency and National Cyber Security Centre confirmed they were assessing the incident. Shares in BA owner IAG fell by 2.5% in early trade on Friday 7th Sept.

BBC

You Might Also Read:

British Airways Fake Facebook Page:

 

« Big Companies Have An Achilles Heel
DARPA Attempt Telepathic Communication With Drones »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Digitus Biometrics

Digitus Biometrics

Digitus Biometrics is a market leader in biometric access control. We can secure access to any entry point, from the front door to the server rack cabinet.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

EY Advisory

EY Advisory

EY is a multinational professional services firm headquartered in the UK. EY Advisory service areas include Cybersecurity.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

Axiad IDS

Axiad IDS

Axiad IDS is a Trusted Identity solutions provider for enterprise, government and financial organizations.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

SAP National Security Services (NS2)

SAP National Security Services (NS2)

SAP NS2 are dedicated to delivering the best of SAP innovation, from cloud to predictive analytics; machine learning to data fusion.

GoPlus Security

GoPlus Security

GoPlus is working as the "security infrastructure" for web3, by providing open, permissionless, user-driven Security Services.

Digital Security by Design (DSbD)

Digital Security by Design (DSbD)

Digital Security by Design is an initiative supported by the UK government to transform digital technology and create a more resilient, and secure foundation for a safer future.

Cyber Ranges

Cyber Ranges

Cyber Ranges is the next-generation cyber range for the development of cyber capabilities and the validation of cyber security skills and organizational cyber resilience.

AnzenSage

AnzenSage

AnzenSage is a cybersecurity advisory consultancy specializing in security risk resilience for the food sector: agriculture, food manufacturing, food supply chain, vineyards, and wineries.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.

NexusTek

NexusTek

NexusTek is a managed IT services provider with a comprehensive portfolio comprised of end-user services, cloud, infrastructure, cyber security, and IT consulting.