British Airways Data Breach

The chief executive of British Airways has apologised for what he has called a very sophisticated breach of the firm's security systems. Alex Cruz told the BBC that hackers carried out a "sophisticated, malicious criminal attack" on its website.

The airline said personal and financial details of customers making bookings had been compromised. About 380,000 transactions were affected, but the stolen data did not include travel or passport details.

Breach 'resolved'
BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September.

"The breach has been resolved and our website is working normally," BA said in a statement.

"We have notified the police and relevant authorities. We take the protection of our customers' data very seriously."

BA said all customers affected by the breach had been contacted on Thursday night. The breach only affects those people who bought tickets during the timeframe provided by BA, and not on other occasions. Mr Cruz added: "At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data."

The airline has taken out adverts apologising for the breach in recent newspapers.

What data was stolen?
BA says hackers stole names, email addresses and credit card information: the credit card number, expiration date and the three-digit code on the back of the card.

What could the hackers do with the data?
Once fraudsters have your personal information, they may be able to access your bank account, or open new accounts in your name, or use your details to make fraudulent purchases. They could also sell on your details to other crooks.
 

What do I need to do?
If you've been affected, you should change your online passwords. Then monitor your bank and credit card accounts, keeping an eye out for any dodgy transactions. Also be very wary of any emails or calls asking for more information to help deal with the data breach: crooks often pose as police or banks or, in this instance, they could pretend to be from BA.
 

Will my booking be affected?
BA says none of the bookings have been hit by the breach. It said it has contacted all those affected to alert them to the problem with their data, but booked flights should go ahead.
 

Will there be compensation for me?
If you suffer any financial loss or hardship, the airline has promised to compensate you.

Investigations

Mr Cruz said that BA has a network of partners that monitor websites around the world. The cyber-attack was first discovered on the evening of Wednesday, 5 September, when a partner alerted the airline, which began investigating overnight to identify just how serious the attack was.

"The moment that actual customer data had been compromised, that's when we began immediate communication to our customers."

Under the newly enforced rules on protecting customer data, BA could face potentially significant fines from the Information Commissioner's Office, which is looking into the breach.

The National Crime Agency and National Cyber Security Centre confirmed they were assessing the incident. Shares in BA owner IAG fell by 2.5% in early trade on Friday, 7 September.

BBC
