BA: details of second customer payment details data breach

News about this airline - please include a link to the source as well as the article text itself.
User avatar
bimjim
Forum Administrator
Forum Administrator
Posts: 31238
Joined: Fri May 12, 2006

BA: details of second customer payment details data breach

Unread post by bimjim » Fri Oct 26, 2018

http://www.travolution.com/articles/109 ... ata-breach

BA reveals details of second customer payment details data breach
Lee Hayhurst
Oct 26th, 2018

British Airways suffered a second cyberattack which compromised customers’ bank card details including card-security codes.

BA revealed the attack late yesterday ahead of issuing third-quarter results. The breach occurred between April 21 and July 28, predating the security breach the airline suffered in late August and early September.

It took the number of customers whose payment cards may have been compromised in the two attacks on BA to 565,000.

Investigators believe the attacks were linked, with BA noting: “The investigation [of the August-September breach] has shown the hackers may have stolen additional personal data.”

The earlier breach appears to have involved the compromise of BA’s loyalty programme since it affected customers making reward bookings.

BA said it had notified the holders of 77,000 payment cards of the attack, revealing: “The name, billing address, email address, card payment information, including card number, expiry date and CVV [security code on the back of cards] have potentially been compromised.”

The carrier said a further 108,000 cards were compromised without the loss of CVV numbers, meaning the data of 185,000 customers was accesssed in the April-July attack.

BA also confirmed that 244,000 payment cards were “affected” by the breach between August 21 and September 5. It did not explain what it meant by “affected”.

The airline gave notice of that breach on September 6, when it said as many as 380,000 cards had been compromised.

Of the April-July breach, BA said: “The potentially impacted customers were only those making reward bookings between April 21 and July 28 and who used a payment card.

“While BA does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers.”

The carrier advised customers to contact their bank or card provider.

The data breach between August 21 and September 5 was described by one cyber security expert as possibly “the worst financial data breach of all time”.

BA said: “The airline has been working continuously with specialist cyber forensic investigators and the National Crime Agency to investigate the data theft.”

User avatar
bimjim
Forum Administrator
Forum Administrator
Posts: 31238
Joined: Fri May 12, 2006

Re: BA: details of second customer payment details data breach

Unread post by bimjim » Sat Oct 27, 2018

http://atwonline.com/it-distribution/br ... ly-thought

British Airways data breach larger than originally thought
Alan Dron
Oct 26, 2018

International Airlines Group has revealed that the data breach of its British Airways (BA) customer database in September 2018 affected more customers than previously believed.

In notes to the Group’s nine-monthly accounts, the European airline group said that an intensive inquiry into the incident with specialist cyber forensic investigators and the UK’s National Crime Agency was continuing, although BA’s internal investigation was now concluding.

The investigation had shown the hackers may have stolen additional personal data. As a result, BA said it was notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiration date and CVV have potentially been compromised. A further 108,000 cards without the attached CVV number, which acts as an additional security layer, had also been compromised.

Potentially affected customers were only those making bookings between April 21 and July 28, 2018, using rewards from BA’s frequent flyer plan and who used a payment card.

“While British Airways does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.

“In addition, from the investigation British Airways knows that fewer of the customers originally identified were impacted. Of the 380,000 payment card details identified, 244,000 were affected.”

BA added that since it made public the news of the data breach on Sept 6, it had received no verified cases of fraud.

Post Reply

Return to “British Airways”