More Information about the British Airways Data Breach
RiskIQ, a cybersecurity company, has pointed out, through its threat researcher Yonathan Klijnsma, the similarity between the British Airways data breach and the Ticketmaster breach, which was publicly revealed in June 2018. RiskIQ explained that the breach was carried out by the same group, collectively called “Magecart”, which stole 380,000 booking records from August 21 to September 5, 2018.
“This attack is a simple but highly targeted approach compared to what we’ve seen in the past with the Magecart skimmer which grabbed forms indiscriminately. This particular skimmer is very much attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer. There are so many ways they could have stolen the payment or [personal] information, they went for this really simple method, but it’s super effective. They went from super advanced to simplifying their attacks — and their [returns are] more insane than ever,” explained Klijnsma.
For its part, British Airways issued an official press release to reassure its customers. “Customers who made bookings or changes to their bookings on ba.com or our mobile app between 22:58 BST August 21, 2018, and 21:45 BST September 5, 2018, may have been affected. We advise any customers who believe they may have been affected to contact their banks or credit card providers and follow their advice. British Airways will never proactively contact you to request your personal or confidential information. If you ever receive an email or call, claiming to be from us, requesting this information, please report it to us straight away. We will be offering a 12-month credit rating monitoring service to any affected customer who is concerned about an impact to their credit rating, provided by specialists in the field and will share details of this in the near future,” said British Airways on its official website.
“We’ve been tracking the Magecart actors for a long time and one of the developments in 2017 was … they started to invest time into targets to find ways to breach specific high-profile companies, like Ticketmaster. The British Airways attack we see as an extension of this campaign where they’ve set up specialized infrastructure mimicking the victim site,” added Klijnsma.
RiskIQ has enlisted the help of the United Kingdom’s National Crime Agency and National Cyber Security Centre. “We are working with partners to better understand this incident and how it has affected customers,” said a reserved spokesperson for the NCSC. British Airways has been urging customers to change their passwords to prevent further trouble down the road. “ba.com and Executive Club accounts have not been compromised and your login details are safe. However, if you’d like to change your password, first ensure you are logged out of ba.com and click the Forgotten Pin/Password link on the top right-hand corner of the homepage. We recommend you choose a unique password that you do not use for any other online account. We are aware of some customers experiencing intermittent issues when attempting to reset their passwords. We are working on resolving this as quickly as possible,” concluded British Airways.
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others. He holds prestigious certifications like OSWP, OSCP, ITIL. His goals in life are simple: to finish his maiden business venture on Cybersecurity, and then to keep writing books for as long as he possibly can and never miss a flight that makes the news.