The results of the data breach at British Airways

TechNews Writer
Mon Feb 22, 2021

In the previous issue, I wrote about the event study and investigation of this cyber-attack at British Airways. Now let's take a deep dive into the results of this cyber-attack. A Ticketmaster website was used in this attack: a digital skimmer was secretly placed on the Ticketmaster site. This Magecart skimmer was used to transfer hundreds of thousands of records. In the British Airways case there were no blacklist hits. The skimmer was completely customized, so it raised no suspicion at all. The baggage claim information page was used for loading all the data.

The proof of this compromise was found on the domain baways.com, which was hosted on 89.47.162.248. According to the research, Magecart had had access to the British Airways site since August. Both the website and the mobile app of British Airways were affected. Only part of the company's mobile app is native; most of its functionality is loaded from the website. A main version of the website is used for searching, booking, and paying for flights. This page was modified in the mobile application, using HTML, CSS and JavaScript highly similar to the actual website. Over time, the tactics and methods of these attacks have changed.
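The article notes that the customized skimmer produced no blacklist hits and that the evidence sat on baways.com. The following added example (not code from the article or from British Airways) shows why an allowlist audit of the hosts a payment page contacts catches a case a blocklist misses. Only baways.com comes from the article; the first-party domain, the blocklist entry and every URL path are assumptions constructed for illustration.

```javascript
// Added example: audit the hosts a payment page contacts.
// Only baways.com is taken from the article; all other values are constructed.
const FIRST_PARTY = ["britishairways.com"];       // assumed first-party domain
const BLOCKLIST = ["known-bad-skimmer.example"];  // constructed: previously reported hosts
const BRAND = "britishairways";                   // brand string used for the lookalike check

// True when `host` equals `domain` or is a subdomain of it.
function inDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// True when every character of `label` occurs in `brand` in the same order,
// i.e. the label is carved out of the brand name and passes a casual glance.
function isSubsequence(label, brand) {
  let i = 0;
  for (const ch of brand) if (ch === label[i]) i++;
  return i === label.length;
}

// Classify each observed URL as blocklisted, allowed, or unknown.
function auditRequests(urls) {
  return urls.map((u) => {
    const host = new URL(u).hostname.toLowerCase();
    if (BLOCKLIST.some((d) => inDomain(host, d))) return { host, verdict: "blocklisted" };
    if (FIRST_PARTY.some((d) => inDomain(host, d))) return { host, verdict: "allowed" };
    // Approximate the registrable label as the second-to-last DNS label
    // (a simplification that ignores multi-part public suffixes).
    const label = host.split(".").slice(-2)[0];
    const lookalike = label.length >= 4 && isSubsequence(label, BRAND);
    return { host, verdict: lookalike ? "unknown-lookalike" : "unknown" };
  });
}

// Constructed sample of script and request URLs seen on a payment page.
const observed = [
  "https://www.britishairways.com/assets/app.js",
  "https://baways.com/collect",
  "https://analytics.example/t.js",
];

const findings = auditRequests(observed);
const blocklistHits = findings.filter((f) => f.verdict === "blocklisted");
const needsReview = findings.filter((f) => f.verdict.startsWith("unknown"));
console.log({ blocklistHits: blocklistHits.length, needsReview });
```

The same allowlist can be enforced in the browser with a Content-Security-Policy header that restricts `script-src` and `connect-src` on payment pages.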

Now let's take a deep dive into the results of this cyber-attack at British Airways. The investigation led the ICO to fine British Airways. The fine amount was around 183.39M. The incident affected around 500,000 customers, and it had already started in June 2018. Later, the ICO and British Airways worked together, and various changes and improvements were made to the security process. The personal data of around 185,000 card holders had not been notified earlier. Magecart had previously been used to steal debit and credit card data, and it was also involved in stealing PII. A PII logging function was used to capture all the information customers entered in the payment details form. British Airways had to pay the huge penalty imposed on it, which amounted to around 1.8 percent of British Airways' total turnover.

 

 

Appears in
2021 - Spring - Issue 4