British Airways Data Breach

Uploaded on 2018-09-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The chief executive of British Airways has apologised for what he has called a very sophisticated breach of the firm's security systems. Alex Cruz told the BBC that hackers carried out a "sophisticated, malicious criminal attack" on its website.

The airline said personal and financial details of customers making bookings had been compromised. About 380,000 transactions were affected, but the stolen data did not include travel or passport details.

Breach 'resolved'
BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September.

"The breach has been resolved and our website is working normally," BA said in a statement.

"We have notified the police and relevant authorities. We take the protection of our customers' data very seriously."

BA said all customers affected by the breach had been contacted on Thursday night. The breach only affects those people who bought tickets during the timeframe provided by BA, and not on other occasions. Mr Cruz added: "At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data."

The airline has taken out adverts apologising for the breach in recent newspapers.

What Data was Stolen?
BA says hackers stole names, email addresses and credit card information, that would be credit card number, expiration date and the three-digit code on the back of the credit card.

What could the Hackers do with the data?
Once fraudsters have your personal information, they may be able to access your bank account, or open new accounts in your name, or use your details to make fraudulent purchases. They could also sell on your details to other crooks.
 

What do I need to do?
If you've been affected, you should change your online passwords. Then monitor your bank and credit card accounts keeping an eye out for any dodgy transactions. Also be very wary of any emails or calls asking for more information to help deal with the data breach: crooks often pose as police, banks or, in this instance they could pretend to be from BA.
 

Will my booking be affected?
BA says none of the bookings have been hit by the breach. It said it has contacted all those affected to alert them to the problem with their data, but booked flights should go ahead.
 

Will there be compensation for me?
If you suffer any financial loss or hardship, the airline has promised to compensate you.
Investigations

Mr Cruz said that BA has a network of partners that monitor websites around the world. The cyber-attack was first discovered on the evening of Wednesday, 5 September, when a partner alerted the airline, which began investigating overnight to identify just how serious the attack was.

"The moment that actual customer data had been compromised, that's when we began immediate communication to our customers."

Under the newly enforced rules on protecting customer data  BA could face potentially significant fines from the Information Commissioner's Office, which is looking into the breach. 

The National Crime Agency and National Cyber Security Centre confirmed they were assessing the incident. Shares in BA owner IAG fell by 2.5% in early trade on Friday 7th Sept.

BBC

You Might Also Read:

British Airways Fake Facebook Page:

 

« Big Companies Have An Achilles Heel
DARPA Attempt Telepathic Communication With Drones »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Zybert Computing

Zybert Computing

Zybert Computing provide server solutions with built-in security and information protection features for the SME market.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

NSFOCUS Information Technology

NSFOCUS Information Technology

NSFOCUS is a global service provider and enterprise DDoS mitigation solution provider.

Alarum Technologies

Alarum Technologies

Alarum Technologies (formerly Safe-T) is a global provider of cyber security and privacy solutions to consumers and enterprises.

Cryptomathic

Cryptomathic

Cryptomathic is an expert on commercial crypto - we develop, deliver and support the most secure and efficient off-the-shelf and customised solutions.

Excelerate Systems

Excelerate Systems

Excelerate Systems is a leading provider of IT services with a focus on Big Data, Cloud Services and Security.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

Assac Networks

Assac Networks

Assac Networks ShieldIT is an app that completely protects any BYOD smartphone from both tapping and hacking.

spriteCloud

spriteCloud

spriteCloud is an independent software testing, test automation and cybersecurity services provider.

AwareGO

AwareGO

AwareGO is a global provider of security awareness training content and solutions that help enterprises improve cybersecurity awareness in the workplace.

Maritime Cyber Threats Research Group - University of Plymouth

Maritime Cyber Threats Research Group - University of Plymouth

The Maritime Cyber Threats research group of the University of Plymouth is focused on investigating marine cyber threats and researching solutions.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

Seven AI

Seven AI

Seven AI develops cyber security software designed to identify online threats.

Trofi Security

Trofi Security

Trofi Security provides Information Technology and Information Security services to organizations in both the public and private sectors.

Kaavalan

Kaavalan

Kaavalan was founded with a mission and a vision to protect you against cyber threats in the connected world.

Tuskira

Tuskira

Tuskira is a Preemptive Cyber Defense & Response Platform powered by Agentic AI, designed to go beyond traditional vulnerability management.