'World's favorite airline' favorite among hackers: British Airways site, app hacked for two weeks

380,000 payment cards, personal info slurped by crooks


British Airways on Thursday said it is investigating the theft of customer data from its website and mobile app servers.

The biz, which bills itself as the world's favorite airline, said its systems had been compromised for more than two weeks.

"From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on our website and app were compromised," the airline said in a statement on its website.

According to BA, the stolen data did not include travel or passport information. It does, however, appear to have included the personal and financial details of those booking travel via the BA website and mobile app during the affected period. As many as 380,000 payment cards were exposed to the intruders.

In a separate statement, Alex Cruz, British Airways' chairman and CEO, said: "We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously."


The air carrier said it will contact affected customers and advise them to inform their financial service providers about the incident. It plans to handle any financial claims on an individual basis.

BA insisted its ransacked systems have been patched up, and its website is now working normally.

At the time this article was filed, Google Chrome continued to report that the airline's Customer Data Theft notification webpage is not fully secure and that visitors should not enter sensitive information like passwords or credit cards. The main BA landing page, however, qualified for a security lock icon.

Chrome's web developer tools indicate that, among other issues, the alert page contains a mix of secure and insecure content, the problematic element being a form that targets an insecure endpoint.
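A site owner can check for the condition Chrome flags here before a page ships. The following is an added example, not code from the article or from British Airways: it resolves every form submission target on an HTTPS page and reports those that end up on plain HTTP. The page URL, hostnames and markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormTargetAuditor(HTMLParser):
    """Record every form submission target that resolves to plain http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base = page_url          # replaced by the first <base href>, if any
        self.base_seen = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and not self.base_seen:
            self.base, self.base_seen = urljoin(self.page_url, a["href"]), True
        elif tag == "form":
            self._check("form action", a.get("action"))
        elif tag in ("button", "input") and a.get("formaction"):
            self._check(tag + " formaction", a["formaction"])

    def _check(self, where, raw):
        raw = (raw or "").strip()
        # A missing or empty action submits to the document's own URL.
        target = urljoin(self.base, raw) if raw else self.page_url
        if urlsplit(target).scheme == "http":
            self.findings.append((where, target))

def insecure_form_targets(page_url, html):
    auditor = FormTargetAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: hostnames and markup are placeholders, not the airline's page.
SAMPLE_URL = "https://airline.example/incident-notice"
SAMPLE_HTML = """
<form action="/search"><input name="q"></form>
<form action="//forms.example/contact"><input name="email"></form>
<form action="http://forms.example/subscribe">
  <input name="email"><button formaction="http://forms.example/alt">Go</button>
</form>
"""

if __name__ == "__main__":
    for where, target in insecure_form_targets(SAMPLE_URL, SAMPLE_HTML):
        print(f"insecure {where}: {target}")
```

Relative and protocol-relative targets inherit the page's HTTPS scheme and pass; an absolute `http://` action, a `formaction` override, or an insecure `<base href>` does not.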

Spokespeople for British Airways declined to comment beyond their official statements. ®



Biting the hand that feeds IT © 1998–2021