cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
leroux
Community Champion

British Airways Breach Hits 380,0000 Card Payments

British Airways statement

From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making or changing bookings on our website and app were compromised.

 

The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.

 

About 380,000 transactions were affected, but the stolen data did not include travel or passport details.

5 Replies
leroux
Community Champion

British Airways has been praised for its swift response to a customer data breach, which could be the first test case under the EU’s GDPR and new UK GDPR-aligned data protection laws see more

 

SKFDavid
Viewer

Can we have some follow up information for the said case!
leroux
Community Champion

From an  article in Wired

 

RiskIQ published details tracking the British Airways hackers' strategy on Tuesday, also linking the intrusion to a criminal hacking gang that has been active since 2015. The group, which RiskIQ calls Magecart, is known for web-based credit card skimming—finding websites that don't secure payment data entry forms, and vacuuming up everything that gets submitted. But while Magecart has previously been known to use the same broadly targeted code to scoop up data from various third-party processors, RiskIQ found that the attack on British Airways was much more tailored to the company's specific infrastructure.

 

So far British Airways and law enforcement haven't publicly commented on this attribution,

leroux
Community Champion
rslade
Influencer II

> SKFDavid (Viewer) posted a new reply in GDPR on 09-10-2018 07:26 PM in the

> Can we have some follow up information for the said case!

There will probably be followup an analysis on the RISKS-Forum Digest.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Be very glad that your PC is insecure--it means that after you
buy it, you can break into it and install whatever software you
want. What YOU want, not what [content providers] want.
- John Gilmore
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468