IT Services Consultants for you and your business.
Last year, British Airways suffered a data breach that resulted to the details of hundreds of thousands of its online user’s details being stolen, including email details and credit card details including the 3-digit security code from the back.
Read more
Cast your minds back to September 6th 2018 and you may recall that British Airways announced the theft of customers data, including payment information, over about a week in late August. About 380,000 customers had their information lifted from the website, but this wasn’t a typical breach where the company servers were infiltrated, this was more like a purely digital version of the card skimmers that were used to get your card details when you used an ATM.
Read more
The ICO have issued a fine of £500,000 to Facebook in light of serious breaches of data protection law. This was the maximum fine that could be issued under the Data Protection Act that was in place at the time of the breaches, under GDPR the fines could have been considerably higher.
Facebook have been found to have processed the personal information of users unfairly, notably allowing developers access to personal information without sufficiently clear and informed consent. Access was even granted to users information who had not downloaded the app, but were friends of users who had.
Additionally, Facebook failed to make suitable checks on the apps and developers using their system. One developer was able to harvest the personal information of up to 87 million users worldwide, without their knowledge.
After the Cambridge Analytica story broke and the breach of data protection was identified, Facebook failed to manage the breached data, waiting almost 3 years before suspending some developers access to the system.
Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better.
Elizabeth Denham
Information Commissioner
The GDPR UK implementation and the UK Data Protection Act 2018 govern how organisations can process personally identifying information.
If your organisation needs to process personal information, it needs to be registered on the ICO database, and have a Data Protection Policy in place detailing the use of personal information.
Personal Information is any information that can identify an individual, such as employee names, customer id’s or CCTV footage.
If you need help assessing your GDPR compliance, contact us immediately for a GDPR review.
Facebook have announced that around 30 million user accounts were accessed on its recent data breach using the ‘view as’ feature to steel access tokens.
British Airways have said that about 380,000 card payments made on its website and mobile app between 10.58pm on 21st August and 9.45 on 5th September have been compromised.
Personal and financial information of customers during that period were compromised, British Airways say that no travel details or passport information was taken.
The information from BA states that “This was a very sophisticated effort by criminal gangs” to obtain the information, they say that the encryption used by the airline was not compromised.
BA have notified the ICO and the NCA about the incident and are working with them to assess the best course of action.
From the information given, it appears likely that the information was stolen from it’s website processing mechanism, maybe a rogue snippet of code was added, possibly by a third party app, that allowed the information to be scraped off the page or app before being sent for processing.
British Airways have said they are in the process of contacting affected customers and have advised they contact their banks or card providers and follow their advice. They have said they will compensate any customers who have a financial loss as a result of the breach.
If you have used British Airways during the 15 day window, you should contact your bank or card issuer as a precaution and monitor your transactions for any suspicious activity.
BA have said that their systems are working normally and the breach should not have any impact on existing flight arrangements. If the ICO find that BA have been negligent of their data security, under the new GDPR laws they could face fines of up to £500 million.
It’s likely that fraudsters will try to capitalise on this breach by sending out fake emails, texts, phone calls or messages via social media. As always they will be out to scam you, and you’re unlikely to be compensated if you fall for one of these piggy-back scams.
Always follow some simple precautions, if you receive emails or any other contact claiming to be from British Airways or your bank, check the authenticity of the sender and any information in it. Call a known trusted number for the sender to check the email is genuine before acting on it.
The ICO have released details of a Telford company who have been fined for a breach of Data Protection. Read more
With only a month to go until the new Data Privacy regulations come into force, we;ve taken a look at the Cyber Security Breaches report released from the Department of Digital, Culture, Media & Sport. Read more
The fitness company Under Armour have announced a data breach involving about 150 million users of it’s MyFitnessPal service Read more