British Airways data breach bigger than originally thought

Back in September, British Airways announced that they had experienced a data breach. After a lengthy investigation carried out by third-party cybersecurity threat responders and the National Crime Agency, it was determined that the breach is far larger than originally thought. In an updated statement on their website, British Airways had this to say:

The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV. The potentially impacted customers were those only making reward bookings between April 21 and July 28, 2018, and who used a payment card.

The company insists that there are no instances of known fraud that can be attributed to the data breach. It should be noted that this does not mean fraud hasn’t happened; it just means it has yet to be recognized and reported via official channels. British Airways has also stated that they are meticulously notifying all potential victims in their customer base and instructing them to stay in contact with their bank or credit card provider to stay informed. In a rather generous act, the company has also promised reimbursement to any customer negatively impacted by the breach.

As important as it is to understand the impact of the British Airways data breach, it is also imperative to understand what and/or who caused the breach in the first place. In an interview with Kaspersky Lab’s Threatpost, Yonathan Klijnsma, a threat researcher with RiskIQ, attributed it to the infamous Magecart cybergang:

Magecart since 2017 has been running a campaign very similar to what happened to British Airways... They’ve been setting up infrastructure to mimic victims or they would simply mimic ad or analytics providers to blend in. The British Airways attack was just an extension of that attack in our eyes.

While this does sound like Magecart’s modus operandi, it is also important to note that Klijnsma only had “medium-high confidence” of their involvement. All leads should be pursued until we can be absolutely certain that the notorious Magecart is the culprit (which is without a doubt a major possibility). In the meantime, all customers affected by the British Airways data breach should monitor their finances even more closely than usual and take advantage of the services that British Airways is providing to rectify the situation.

Featured image: Flickr / Bill Wilt

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
