British Airways Hack Was Much Bigger Than First Admitted

Uploaded on 2018-11-01 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The cyber-attack on British Airways affected even more customers than originally thought, according to its owner IAG.

A further 185,000 customers might have had their personal details stolen during the hack, it said.

The group said in a stock exchange announcement that as part of an investigation into a cyber breach that took place earlier this year, it is contacting two groups of customers not previously notified.

This includes the holders of 77,000 payment cards whose name, billing address, email address, card payment information, including card number, expiry date and Card Verification Value, have potentially been compromised.

A further 108,000 people's personal details without Card Verification Value have also been compromised.

Those impacted were people making reward bookings between April 21 and July 28, 2018, and who used a payment card.

In September, thousands of BA customers had to cancel their credit cards after the airline admitted that a 15-day data hack had compromised 380,000 payments, prompting a criminal inquiry led by specialist cyber officers from the National Crime Agency (NCA).

The firm said today that of the 380,000 payment card details identified, 244,000 were affected.

"While British Airways does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution," IAG said.

"Since the announcement on September 6, 2018, British Airways can confirm that it has had no verified cases of fraud."

British Airways is facing a multimillion-pound fine as a result of the data breach, which the airline's chief executive described as a "malicious criminal attack".

Cyber criminals behind the attack obtained enough credit card details to use them, and BA now faces a possible fine of around £500 million over the breach, with the Information Commissioner's Office (ICO) also investigating the incident.

BA's data breach took place after the introduction of the new Data Protection Act, which includes the provisions of the new European General Data Protection Regulation (GDPR). 

Under the new regulations, the maximum penalty for a company hit with a data breach is a fine of either £17 million or 4% of global turnover, whichever is greater. 

In the year ended December 31 2017, BA's total revenue was £12.2 billion, meaning the company could face a fine of around £500 million if the ICO takes action.

Independent:

You Might Also Read:

The BA Hack And How Not To Respond To A Cyber Attack

« Pay-As-You-Go Cybersecurity
School Training On Child Abuse And Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

Perseus Cyber Security

Perseus Cyber Security

Perseus provides all-around digital protection for small and medium-sized businesses through state-of-the-art software solutions, flexible online training and emergency response.

PeckShield

PeckShield

PeckShield is a blockchain security company which aims to elevate the security, privacy, and usability of entire blockchain ecosystem by offering top-notch, industry-leading services and products.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Netsurion

Netsurion

Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them.

CyGlass

CyGlass

CyGlass simply and effectively identifies, detects, and responds to threats to your network without requiring any additional hardware, software, or people.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

Comparitech

Comparitech

Comparitech strives to promote cyber security and privacy for all. We are committed to providing detailed information to help our readers become more cyber secure and cyber aware.

Surefire Cyber

Surefire Cyber

Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

Three Wire Systems

Three Wire Systems

Three Wire is a leader in innovative and efficient technology solutions for government agencies and large enterprise corporations.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

Point Wild

Point Wild

Point Wild is a holding company that acquires, integrates and manages a diverse portfolio of best-in-class cybersecurity brands for consumers and enterprises.