Debate Magazine

British Airways Customers’ Credit Card Details Likely Already for Sale on the Dark Web

Posted on the 20 September 2018 by Darkwebnews @darkwebnews

British Airways is investigating a case where the credit card details of around 380,000 customers were stolen from its website in a hack.

This happened over a period of two weeks and the company has urged the affected parties to contact their respective banks.

All this happened between August 21 and September 5.

The statement released by the airline indicated that the stolen information did not include travel or passport details but only personal and financial details.

Though the breach has since been resolved and the airline's site is back running normally, data that was stolen in the breach has reportedly headed toward the dark web-where those responsible for the hack will sell it at a profit.

This is the second IT disaster to hit British Airways in recent years. In 2017, the airline's data center was hit by a major power surge.

This data theft is however the most serious to hit a U.K. company and thereby affecting the company's reputation.

The airline and its parent company, IAG (International Airlines Group), have however denied allegations that the hack was due to their decision to outsource their IT operations.

The National Crime Agency is aware of the breach and it would be teaming up with the airline and other partners to find the best solution.

The Information Commissioner's Office has urged the affected customers and those who think they could be affected to change their online passwords and monitor their bank accounts.

It is important that the airline moves quickly to solve the issue and secure customers' information.

Reports indicate that shares in IAG dropped by 1.5 percent after news on the breach broke earlier this month.

This attributed to £120 million (or over $157 million USD) being wiped off the stock market by investors.

The Hack

In its official statement, BA maintains that only personal and financial data was stolen and that this only affected customers between August 21 and September 5.

A few speculations have been made on how the hack took place. Richard Walters, the CTO of CensorNet, suggests that the hackers compromised a flaw in the software on the British Airways website.

This would enable the hacker to intercept messages-including financial data that was stolen-and they would copy data as it was relayed to the IT center.

This is, however, just a speculation and the full details on how the hack took place could be out in a few months on conclusion of the investigation by the National Crime Agency.

Leigh Anne, a cybersecurity expert at Positive Technologies, says that the theft could not be detected immediately until a buyer acts and that anyone who thinks they could be affected should keep tabs on their transactions.

This advice was also recommended by the U.K. National Cybersecurity Center in a published guidance for those affected by the hack.

What the Affected Should Do

Around 380,000 customers were affected by the 15-day breach with their personal and financial details stolen.

British Airways has since taken responsibility and has been working to contact all the affected clients.

It has urged them to contact their banks and credit card providers concerning the issue.

Even those who have not yet detected any changes in their accounts are advised to change their passwords.

On the issue about compensations, British Airways has stated that customers who lost out financially will all be compensated.

The chief executive of BA, Alex Cruz, has apologized to the clients who were affected and has pledged to compensate those affected by fraudulent account transactions.

He also assured clients that the company would expand its services and customer care.

The company has also calmed its customers that the issue has since been resolved and that their website is back online and they can book their flights normally.

However, this breach being the biggest on a U.K. company, British Airways' reputation has been dealt a huge blow.

The company is working to convince its customers and possible new clients that that new future bookings will not be affected.

British Airways has since sent an email to the regular flyer program, assuring them about the security of their personal data.

The Investigation and Possible Consequences

Any company should build a strong system to prevent cases such as hacking and data leaks to other parties.

If the investigation concludes that the airline was negligent in protecting customers' data, then it could face hefty fines.

The details stolen included CVV codes, credit card information, names and email addresses.

CVV numbers are very important when doing online payments as they are the final step of the transaction.

Due to this, BA could face data protection fines for allowing the exposure of clients' CVV details.

Overall, the stolen information was estimated at about £21.5 million.

This was according to the estimation of the credit card details on the dark web at £56.50 each.

If it is determined that BA failed to protect customers' data, then they would face a class-action lawsuit.

The investigation would try to determine if the company had measures in place to prevent a breach of the company's website.

If this is not the case, they would be subject to worth hundreds of millions of pounds if found guilty of not having sufficient measures to protect client data.

This is under the European Union's new General Data Protection Regulation (GDPR), which was introduced back in May.

It seeks to ensure that companies put up the best cybersecurity systems to protect private customer data and information.

Under this regulation, a company could face a penalty of up to 4 percent of its annual sales or £20 million, whichever figure is higher.

This means that if British Airways is found guilty of breaching these regulations, it could face fines of up to £489 million (or more than $642 million USD).

However, if it is determined that IAG is at fault, then the fine could rise to a high of around £825 million pounds.

U.S. law services giant Sanders Phillips Grossman (SPG) says it has plans to initiate a £500 million lawsuit against British Airways if it did not settle with the affected clients.

SPG states that close to 400,000 people were in distress or inconvenienced by the security breach and that British Airways should compensate all the affected.


You Might Also Like :

Back to Featured Articles on Logo Paperblog

These articles might interest you :

  • HCTF Premiere - Slum Summer: Bobby

    HCTF Premiere Slum Summer: Bobby

    Anglo-American indie band Slum Summer pair an American lo-fi garage rock vibe to an English sense for melody on their single Bobby, a taste from their... Read more

    The 10 December 2018 by   Hctf
  • Tony Montana’s White Suit in Scarface

    Tony Montana’s White Suit Scarface

    Al Pacino as Tony Montana in Scarface (1983)VitalsAl Pacino as Tony Montana, impulsive and hotheaded cocaine dealerMiami, Summer 1981Film: Scarface Release Date... Read more

    The 10 December 2018 by   Nguzan
  • China Has Strict New Rules for Climbing Everest

    China Strict Rules Climbing Everest

    With the winter fall climbing season in the Himalaya now behind us and the spring climbing season still a bit far off, you would think there wouldn't be much... Read more

    The 10 December 2018 by   Kungfujedi
  • Managing the Micromanager

    Embed from Getty ImagesMicromanagers want to control every aspect of their employees’ work, down to the smallest detail. They insist on being consulted about... Read more

    The 10 December 2018 by   Candacemoody
  • 8 Ways To Prepare Yourself For Business Crises Ahead

    Ways Prepare Yourself Business Crises Ahead

    Most entrepreneurs see their new venture as a fun adventure, until the pressures of a cash flow crisis, or a manufacturing quality problem, or a major customer... Read more

    The 10 December 2018 by   Martin Zwilling
  • Christmas Style: Neutrals + Last Minute Gift Ideas

    Christmas Style: Neutrals Last Minute Gift Ideas

    This is a sponsored conversation written by me on behalf of Meijer. All opinions and thoughts are my own.  Is anyone else having super weird weather where they... Read more

    The 10 December 2018 by   Thesamanthashow
  • The Cup Chronicles Cafe

    Chronicles Cafe

    Cup Chronicles Café is a cozy café located on 12th Main, Indiranagar, Bangalore. The place opened only few weeks back and has managed to attract crowd to try it... Read more

    The 10 December 2018 by   Rohit Dassani