British Airways Suffers A Second Cyber Attack

A second cyber attack on British Airways (BA) has been recently discovered which happened earlier than the breach found in September.

BA has endured a second website breach which has compromised more than 185,000 customers’ bank card details including card-security codes.

The victims were caught out by a website compromise that had gone undetected for months.

BA only found the second attack while they were investigating a breach of their website in September, which affected 380,000 transactions.

The two cyber attacks on BA meant that 565,000 customer accounts had been compromised altogether.

Investigators into the attacks firmly believe the breaches were linked and carried out by the same group or gang, with BA owner IAG claiming: “The investigation [of the August-September breach] has shown the hackers may have stolen additional personal data.”

BA advised that they would contact the customers to let them know that their information had been stolen.

The second earlier attack took place between April 21 and July 28 and information about the breach was revealed in a stock exchange announcement by IAG.

IAG said two separate groups of customers were affected by the hack attack:

  • 77,000 people had their name, address, email address and detailed payment information taken
  • 108,000 people lost personal details apart from the CVV number for their payment cards

“Since the announcement on September 6, 2018, British Airways can confirm that it has had no verified cases of fraud,” it said.

The UK’s National Crime Agency and the Information Commissioner’s Office investigated the breach following the September attack. Now BA and IAG could face an enormous financial hit resulting in fines because the breach took place after rigorous European privacy and data rules (also known as the General Data Protection Regulation) came into force.

As legal firms hold vast amount of client data and monies they are more liable and susceptible to cyber attacks. Hackers are becoming more and more sophisticated to the point that businesses are completely unaware of breaches. It is therefore imperative that law firms arm themselves with the appropriate protection to deal with future cyber threats.