DATA BREACH AT ONE OF EUROPE’S MAJOR AIRLINES
British Airways revealed a data breach impacting customer information from roughly 380,000 booking transactions. The company said that names, addresses, email addresses, and sensitive payment card details were all compromised.
The threat detection firm that was analyzing the breach, published details of the hacker’s strategy, also linking the intrusion to a criminal hacking gang that has been active since 2015. The group, is known for web-based credit card skimming, i.e. finding websites that do not secure payment data entry forms and draws in everything that gets submitted. But while the hackers have previously been known to use the same broadly targeted code to scoop up data from various third-party processors, the firm found that the attack on British Airways was much more tailored to the company’s specific infrastructure.
In its initial disclosure, British Airways said that the breach did not impact passport numbers or other travel data. But the company later explained that the compromised data included payment card expiration dates and Card Verification Value codes, even though the airlines has said it does not store CVVs. British Airways further noted that the breach only impacted customers who completed transactions during a specific timeframe.
These details served as clues, leading analysts to suspect that the attack does not necessarily involve penetrating an organization’s network or servers, which would explain how hackers only accessed information submitted during a specific timeframe, and compromised data that British Airways itself does not store.
While the attack was not elaborate, it was effective, because it was tailored to the specific scripting and data flow weaknesses of the British Airways site.