British Airways has been the target of a “sophisticated, malicious criminal attack” on its website and app*. The breach, which took place between 21 August and 5 September, is said to have affected 380,000 transactions and included personal and financial details of customers. British Airways has reached out to all customers affected by the breach, urging them to seek the help of their bank and credit card providers in order to manage the breach of their financial data.
Andrew Bushby, UK director at Fidelis Cybersecurity, offers the following comment: “British Airways’ customers should rightfully be concerned that their financial information has been accessed, as it cannot be ruled out that the hackers might leverage the financial data to cause more damage in the near future. While British Airways has notified those impacted and the authorities within the 72-hour window required by the GDPR, the breach went undetected for a two-week period highlighting once again that organisations need to look at detection and response, as even the best prevention-centric solutions will not suffice. To reduce that infection-to-detection gap, organisations need to revisit their security strategies in the post-breach world we live in today. This must include full visibility across networks, endpoints, clouds and across the kill chain.
“British Airways’ customers should take note of the recommendations made on the incident website, follow their advice and change their passwords as a matter of urgency – especially if they use the same email and password combination on other sites. British Airways now need to playout its post breach strategy and it is key that it ensures the threat has been fully eradicated from the extended infrastructure. Attackers go where organisations are not looking/cannot see and many companies often have a patchwork of disparate tools that rarely talk to one another. This is where blind spots become a problem, but by deploying the latest in deception technology along with full network visibility, organisations can find any ongoing threat activity in their systems.”
(Source: Fidelis Cybersecurity)