BA.com suffers data breach
7 September 2018
The booking site for British Airways was targeted by hackers between 22:58 BST August 21 2018 and 21:45 September 5 2018 inclusive, resulting in some 380,000 transactions being compromised.
The airline said on its web site: “We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.”
While the web site does not specify the number of users affected, other reports, such as BBC News, say that in the stated period some 380,000 transactions had occurred.
BA confirmed that while the stolen data did not include travel or passport details, it did include the personal and financial details of customers making or changing bookings.
The airline said the breach has been resolved and its web site is working normally.
“We have notified the police and relevant authorities,” said BA.
“We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
“We will be contacting affected customers directly to advise them of what has happened and are advising them to contact their banks or credit card providers and follow their recommended advice.”
Sky News is reporting that the breach took 16 days to detect.
The UK National Cyber Security Crime Centre said that it was “aware of a data breach affecting British Airways (BA)”.
“We are working with partners to better understand this incident and how it has affected customers,” it said.
Paul Farrington, head of EMEA at application security specialist Veracode, has said the airline industry needs to pay greater attention to application security.
“The British Airways breach,” said Farrington, “is just another example of how, as the amount of personal data held by organisations continues to grow, hackers are finding more sophisticated ways to gain access to this data and use it to make a profit.
“Furthermore, with GDPR now in full force the board at BA will have to consider their exposure to regulatory fines, especially when it took 16 days for the breach to be detected, and if the financial losses will outstrip what it would have cost to prevent the breach in the first place.”
Farrington went on to say that such issues were not just affecting British Airways, and that customers are reacting as might be expected.
“Airlines have a duty to keep the planes in the air, and the majority of investment goes into that. However, recent outages show investment should also be directed at technology. As airlines become ever more dependent on software, this creates a greater surface for hackers to attack and so it is no surprise that breaches of this scale are becoming commonplace.
“Customers are right to be angry. If UK businesses want to avoid becoming the next victim of a breach it is crucial that they take significant steps to secure their software, web applications and networks to ensure that they aren’t their weakest points of attack.”