British Airways Hack Was Much Bigger Than First Admitted

The cyber-attack on British Airways affected even more customers than originally thought, according to its owner IAG.

A further 185,000 customers might have had their personal details stolen during the hack, it said.

The group said in a stock exchange announcement that as part of an investigation into a cyber breach that took place earlier this year, it is contacting two groups of customers not previously notified.

These include the holders of 77,000 payment cards whose names, billing addresses, email addresses and card payment information, including card number, expiry date and Card Verification Value, have potentially been compromised.

The personal details of a further 108,000 people, without the Card Verification Value, have also been compromised.

Those impacted were people making reward bookings between April 21 and July 28, 2018, and who used a payment card.

In September, thousands of BA customers had to cancel their credit cards after the airline admitted that a 15-day data hack had compromised 380,000 payments, prompting a criminal inquiry led by specialist cyber officers from the National Crime Agency (NCA).

The firm said today that of the 380,000 payment card details identified, 244,000 were affected.

"While British Airways does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution," IAG said.

"Since the announcement on September 6, 2018, British Airways can confirm that it has had no verified cases of fraud."

British Airways is facing a multimillion-pound fine as a result of the data breach, which the airline's chief executive described as a "malicious criminal attack".

Cyber criminals behind the attack obtained enough credit card details to use them, and BA now faces a possible fine of around £500 million over the breach, with the Information Commissioner's Office (ICO) also investigating the incident.

BA's data breach took place after the introduction of the new Data Protection Act, which includes the provisions of the new European General Data Protection Regulation (GDPR). 

Under the new regulations, the maximum penalty for a company hit with a data breach is a fine of either £17 million or 4% of global turnover, whichever is greater. 

In the year ended December 31 2017, BA's total revenue was £12.2 billion, meaning the company could face a fine of around £500 million if the ICO takes action.

Independent:
