Debate Magazine

British Airways Customers’ Credit Card Details Likely Already for Sale on the Dark Web

Posted on the 20 September 2018 by Darkwebnews @darkwebnews

British Airways is investigating a case where the credit card details of around 380,000 customers were stolen from its website in a hack.

This happened over a period of two weeks and the company has urged the affected parties to contact their respective banks.

All this happened between August 21 and September 5.

The statement released by the airline indicated that the stolen information did not include travel or passport details but only personal and financial details.

Though the breach has since been resolved and the airline's site is back running normally, data that was stolen in the breach has reportedly headed toward the dark web-where those responsible for the hack will sell it at a profit.

This is the second IT disaster to hit British Airways in recent years. In 2017, the airline's data center was hit by a major power surge.

This data theft is however the most serious to hit a U.K. company and thereby affecting the company's reputation.

The airline and its parent company, IAG (International Airlines Group), have however denied allegations that the hack was due to their decision to outsource their IT operations.

The National Crime Agency is aware of the breach and it would be teaming up with the airline and other partners to find the best solution.

The Information Commissioner's Office has urged the affected customers and those who think they could be affected to change their online passwords and monitor their bank accounts.

It is important that the airline moves quickly to solve the issue and secure customers' information.

Reports indicate that shares in IAG dropped by 1.5 percent after news on the breach broke earlier this month.

This attributed to £120 million (or over $157 million USD) being wiped off the stock market by investors.

The Hack

In its official statement, BA maintains that only personal and financial data was stolen and that this only affected customers between August 21 and September 5.

A few speculations have been made on how the hack took place. Richard Walters, the CTO of CensorNet, suggests that the hackers compromised a flaw in the software on the British Airways website.

This would enable the hacker to intercept messages-including financial data that was stolen-and they would copy data as it was relayed to the IT center.

This is, however, just a speculation and the full details on how the hack took place could be out in a few months on conclusion of the investigation by the National Crime Agency.

Leigh Anne, a cybersecurity expert at Positive Technologies, says that the theft could not be detected immediately until a buyer acts and that anyone who thinks they could be affected should keep tabs on their transactions.

This advice was also recommended by the U.K. National Cybersecurity Center in a published guidance for those affected by the hack.

What the Affected Should Do

Around 380,000 customers were affected by the 15-day breach with their personal and financial details stolen.

British Airways has since taken responsibility and has been working to contact all the affected clients.

It has urged them to contact their banks and credit card providers concerning the issue.

Even those who have not yet detected any changes in their accounts are advised to change their passwords.

On the issue about compensations, British Airways has stated that customers who lost out financially will all be compensated.

The chief executive of BA, Alex Cruz, has apologized to the clients who were affected and has pledged to compensate those affected by fraudulent account transactions.

He also assured clients that the company would expand its services and customer care.

The company has also calmed its customers that the issue has since been resolved and that their website is back online and they can book their flights normally.

However, this breach being the biggest on a U.K. company, British Airways' reputation has been dealt a huge blow.

The company is working to convince its customers and possible new clients that that new future bookings will not be affected.

British Airways has since sent an email to the regular flyer program, assuring them about the security of their personal data.

The Investigation and Possible Consequences

Any company should build a strong system to prevent cases such as hacking and data leaks to other parties.

If the investigation concludes that the airline was negligent in protecting customers' data, then it could face hefty fines.

The details stolen included CVV codes, credit card information, names and email addresses.

CVV numbers are very important when doing online payments as they are the final step of the transaction.

Due to this, BA could face data protection fines for allowing the exposure of clients' CVV details.

Overall, the stolen information was estimated at about £21.5 million.

This was according to the estimation of the credit card details on the dark web at £56.50 each.

If it is determined that BA failed to protect customers' data, then they would face a class-action lawsuit.

The investigation would try to determine if the company had measures in place to prevent a breach of the company's website.

If this is not the case, they would be subject to worth hundreds of millions of pounds if found guilty of not having sufficient measures to protect client data.

This is under the European Union's new General Data Protection Regulation (GDPR), which was introduced back in May.

It seeks to ensure that companies put up the best cybersecurity systems to protect private customer data and information.

Under this regulation, a company could face a penalty of up to 4 percent of its annual sales or £20 million, whichever figure is higher.

This means that if British Airways is found guilty of breaching these regulations, it could face fines of up to £489 million (or more than $642 million USD).

However, if it is determined that IAG is at fault, then the fine could rise to a high of around £825 million pounds.

U.S. law services giant Sanders Phillips Grossman (SPG) says it has plans to initiate a £500 million lawsuit against British Airways if it did not settle with the affected clients.

SPG states that close to 400,000 people were in distress or inconvenienced by the security breach and that British Airways should compensate all the affected.

Disclaimer:


You Might Also Like :

Back to Featured Articles on Logo Paperblog

These articles might interest you :

  • You Belong: Shawn Austin Interview

    Belong: Shawn Austin Interview

    We caught up with Shawn Austin at the SiriusXM Canada offices in Toronto on a busy media day for the Vancouver singer and sat down to talk about his career and... Read more

    The 16 October 2018 by   Phjoshua
    LIFESTYLE, SELF EXPRESSION
  • Mattel Introduces Doctor Who Barbie

    Mattel Introduces Doctor Barbie

    Most of what I’ve seen from Mattel recently has been underwhelming. However, the announcement of their newest doll, the 13th Doctor based on the long running... Read more

    The 16 October 2018 by   Ashley Brooke, Kewpie83
    CULTURE, FAMILY, SELF EXPRESSION
  • UNIBEN Admission List Out – 2018/2019

    UNIBEN Admission List for the 2018/2019 academic session is now out on the school portal. All candidates who applied for admission in the university are hereby... Read more

    The 16 October 2018 by   Naijapary
    SOCIETY, A-CLASSER
  • Doll Shows 101: Etiquette

    Doll Shows 101: Etiquette

    For a doll collector, attending a doll show can be as exciting as stepping through the gates of Walt Disney World. Even the most narrowed minded collector is... Read more

    The 16 October 2018 by   Ashley Brooke, Kewpie83
    CULTURE, FAMILY, SELF EXPRESSION
  • Neanderthal Cave Art is Fake News?

    Life in a Neanderthal cave was surprisingly human. They built structures, created jewellery, and cared for each other. To top it all of, we recently learnt... Read more

    The 16 October 2018 by   Reprieve
    BIOLOGY, SCIENCE
  • Is the Tide Turning in Australian Dietary Advice?

    Tide Turning Australian Dietary Advice?

    Has the Dietitians Association of Australia (DAA) had a change of heart? Just last month, we reported that the DAA was heavily influenced by sponsorships ... Read more

    The 16 October 2018 by   Dietdoctor
    DIET & WEIGHT, HEALTH, HEALTHY LIVING, MEDICINE
  • Yahoo Boy On The Run After Chopping off Old Man’s Head and Manhood in Benin...

    Yahoo After Chopping Man’s Head Manhood Benin (Graphic Photos)

    A Yahoo Boy identified as Bino has disappeared into the thin air after beheading a man for ritual purpose in Ayogwiri community Benin . Read more

    The 16 October 2018 by   Naijapary
    SOCIETY, A-CLASSER

Magazines