https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14428#M589 <P><FONT size="4">British Airways has been praised for its swift response to a customer data breach, which could be the first test case under the EU’s GDPR and new UK GDPR-aligned data protection laws<A href="https://www.computerweekly.com/news/252448274/BA-praised-for-swift-GDPR-aligned-action-on-data-breach" target="_self"> see more</A></FONT></P><P>&nbsp;</P> Fri, 07 Sep 2018 11:24:34 GMT leroux 2018-09-07T11:24:34Z https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14422#M588 <P><A href="https://www.britishairways.com/en-gb/information/incident/data-theft/latest-information" target="_self">British Airways statement</A></P><P>From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making or changing bookings on our website and app were compromised.</P><P>&nbsp;</P><P>The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.</P><P>&nbsp;</P><P><SPAN>About 380,000 transactions were affected, but the stolen data did not include travel or passport details.</SPAN></P> Mon, 09 Oct 2023 08:56:09 GMT https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14422#M588 leroux 2023-10-09T08:56:09Z https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14428#M589 <P><FONT size="4">British Airways has been praised for its swift response to a customer data breach, which could be the first test case under the EU’s GDPR and new UK GDPR-aligned data protection laws<A href="https://www.computerweekly.com/news/252448274/BA-praised-for-swift-GDPR-aligned-action-on-data-breach" target="_self"> see more</A></FONT></P><P>&nbsp;</P> Fri, 07 Sep 2018 11:24:34 GMT https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14428#M589 leroux 2018-09-07T11:24:34Z https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14567#M590 Can we have some follow up information for the said case! Mon, 10 Sep 2018 23:26:17 GMT https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14567#M590 SKFDavid 2018-09-10T23:26:17Z https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14569#M591 <P><A href="https://www.wired.com/story/british-airways-hack-detaeils/" target="_self">From an&nbsp; article in Wired</A></P><P>&nbsp;</P><P><SPAN>RiskIQ published details tracking the British Airways hackers' strategy on Tuesday, also linking the intrusion to a criminal hacking gang that has been active since 2015. The group, which RiskIQ calls Magecart, is known for web-based credit card skimming—finding websites that don't secure payment data entry forms, and vacuuming up everything that gets submitted. But while Magecart has previously been known to use the same broadly targeted code to scoop up data from various third-party processors, RiskIQ found that the attack on British Airways was much more tailored to the company's specific infrastructure.</SPAN></P><P>&nbsp;</P><P><SPAN>So far British Airways and law enforcement haven't publicly commented on this attribution,</SPAN></P> Tue, 11 Sep 2018 09:41:10 GMT https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14569#M591 leroux 2018-09-11T09:41:10Z https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14572#M592 <P><A href="https://www.riskiq.com/blog/labs/magecart-british-airways-breach/" target="_self">The full Risqiq report about the British Airways hacking</A></P> Tue, 11 Sep 2018 15:22:20 GMT https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14572#M592 leroux 2018-09-11T15:22:20Z https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14579#M593 &gt; SKFDavid (Viewer) posted a new reply in GDPR on 09-10-2018 07:26 PM in the<BR /><BR />&gt; Can we have some follow up information for the said case!<BR /><BR />There will probably be followup an analysis on the RISKS-Forum Digest.<BR /><BR />====================== (quote inserted randomly by Pegasus Mailer)<BR />rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org<BR />Be very glad that your PC is insecure--it means that after you<BR />buy it, you can break into it and install whatever software you<BR />want. What YOU want, not what [content providers] want.<BR />- John Gilmore<BR />victoria.tc.ca/techrev/rms.htm <A href="http://www.infosecbc.org/links" target="_blank">http://www.infosecbc.org/links</A><BR /><A href="http://blogs.securiteam.com/index.php/archives/author/p1/" target="_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</A><BR /><A href="http://twitter.com/rslade" target="_blank">http://twitter.com/rslade</A> Tue, 11 Sep 2018 17:11:00 GMT https://community.isc2.org/t5/Privacy/British-Airways-Breach-Hits-380-0000-Card-Payments/m-p/14579#M593 rslade 2018-09-11T17:11:00Z