British Airways have said that about 380,000 card payments made on its website and mobile app between 10.58pm on 21st August and 9.45 on 5th September have been compromised.
Data Types
Personal and financial information of customers during that period were compromised, British Airways say that no travel details or passport information was taken.
What Happened?
The information from BA states that “This was a very sophisticated effort by criminal gangs” to obtain the information, they say that the encryption used by the airline was not compromised.
BA have notified the ICO and the NCA about the incident and are working with them to assess the best course of action.
From the information given, it appears likely that the information was stolen from it’s website processing mechanism, maybe a rogue snippet of code was added, possibly by a third party app, that allowed the information to be scraped off the page or app before being sent for processing.
What Should I Do?
British Airways have said they are in the process of contacting affected customers and have advised they contact their banks or card providers and follow their advice. They have said they will compensate any customers who have a financial loss as a result of the breach.
If you have used British Airways during the 15 day window, you should contact your bank or card issuer as a precaution and monitor your transactions for any suspicious activity.
BA have said that their systems are working normally and the breach should not have any impact on existing flight arrangements. If the ICO find that BA have been negligent of their data security, under the new GDPR laws they could face fines of up to £500 million.
Piggy-Back Scams
It’s likely that fraudsters will try to capitalise on this breach by sending out fake emails, texts, phone calls or messages via social media. As always they will be out to scam you, and you’re unlikely to be compensated if you fall for one of these piggy-back scams.
Always follow some simple precautions, if you receive emails or any other contact claiming to be from British Airways or your bank, check the authenticity of the sender and any information in it. Call a known trusted number for the sender to check the email is genuine before acting on it.
0 Comments