View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 26, 2018

British Airways: Further 185,000 Card Details Stolen

BA: We were pwned worse than we thought

By CBR Staff Writer

More than six weeks after British Airways (BA) revealed that hackers had skimmed the unprotected card details of over 380,000 people from its systems, the flag carrier says it has found out that the attack was both better – and worse than initially thought.

Investigations by specialist cyber forensic investigators and the National Crime Agency have revealed that the hackers may have stolen the details of a further 77,000 payment cards with CVV details and an additional 108,000 without the CVV.

british airways hack update

British Airways Hack Update: Both Better (and Worse) than Thought

The “potentially impacted” customers were those making reward bookings between April 21 and July 28, 2018, and who used a payment card, BA said.

There was a silver lining though: of the initial 380,000 initially thought compromised, the number was in fact 244,000.

(Cybersecurity company RiskIQ meanwhile says it has identified the 22 lines of code that facilitated the Magecart attack, claiming the script was a modified version of the Modernizr JavaScript library, version 2.6.2)

See also: Magecart Stockpiling Magento Extension 0days: Is Your Business at Risk?

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

British Airways Hack Update: No Fraud (Yet)

The airline said Thursday: “While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.”  The airline: “Crucially, we have had no verified cases of fraud.”

The company concluded, rather contradicting its above statement: “As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft.” Computer Business Review has contacted the airline to clarify whether any customers have, or have not suffered financial losses.

Read this: The Cathay Pacific Hack: Should You Really Care? (And What’s a Passport Number Worth on the Dark Web?)

RiskIQ described the attack, which it attributed to the notorious Magecart threat group as a “simple but highly targeted approach”.

Tthe company described this skimmer as “very much attuned to how British Airway’s payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer.”

“The infrastructure used in this attack was set up only with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.