Saturday, 8 September 2018

BA.. an update

Since the last post, more information has been disclosed about the data breach at British Airways.

It seems that a web form was compromised on an internet facing server, which meant the hackers (for want of a better description) were able to capture the personal and financial information of the people making ticket purchases.

This worse than expected as the CVV2 (the digits on the back of the card were captured as well). This means it's possible to make purchases on the credit cards, as names, addresses and full credit card information was captured.

A couple of points, it's admirable that British Airways detected the breach so quickly and can pinpoint when it happened.

It's disappointing that it did happen, especially with the number of records and the type of data.  Without more information, we don't know how preventable this data breach was.

Will it be the last data breach?  No, of course not.

Normal advice applies, change passwords, if you're using the same passwords across multiple sites (or use a password manager), check for unusual activity on your credit and debit cards, and make use of fraud detection services, if they are offered.

No comments:

Post a Comment