On September 7, British Airways announced a massive data breach that exposed the personal and financial details of all customers who made bookings between August 21 and September 5, 2018. Nearly 400,000 flyers had their data exposed, and the airline promised to compensate those affected.
According to British Airways Chief Executive Officer Alex Cruz, “At the moment, [the airline’s] number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers, so they can follow their instructions on how to manage that breach of data.” Cruz went on to say that the hackers were able to steal enough information to use bank data to make purchases.
“The British Airways breach once again sheds light on the difficulty companies have protecting the proprietary information of their customers,” said Israel Barak, Chief Information Security Officer at Cybereason. “As an industry, until we can start making cybercrime unprofitable for adversaries, they will continue to hold the cards that will yield potentially massive payouts.”
British Airways is the latest victim in what is becoming a growing cybersecurity problem in the airline industry.
In April 2018, Delta Airlines announced that its third-party chat service was the target of a cyberattack. Customer banking information was compromised, but no personal or passport details were stolen. Just four months later, Air Canada announced it had experienced a breach on its mobile app that compromised the data of more than 20,000 customers. In this instance, hackers were able to obtain basic personal information as well as sensitive data like passport information, but not payment or credit card information.
According to Paul Farrington, head of Europe, the Middle East and Africa (EMEA) for the app-security company CA Veracode, “IT issues are not only affecting [British Airways], but also in the wider airline industry. Airlines have a duty to keep the planes in the air, and the majority of investment goes into that. However, recent outages show investment should also be directed at technology. As airlines become ever more dependent on software, this creates a greater surface for hackers to attack and so it is no surprise that breaches of this scale are becoming commonplace.”
If notified of a data breach by any service provider, consumers should monitor their bank and other accounts for signs of unauthorized use and consult their bank if they feel their information has been compromised.