News & Comment: How did hackers get into British Airways?

How did hackers get into British Airways?

NEWS: The airline has said how hackers accessed customer data, but there are a variety of possible methods. In the British Airways customer data breach, hackers were able to access customers’ names, email addresses and credit card information from 380,000 transactions.




Pravin Kothari, CEO, CipherCloud:

”Since the US has enacted breach notification laws, businesses and consumers have been made acutely aware of the risks and brand damage that result from a cyberattack, but very little has been reported from Europe. Does that mean European businesses are more secure? Not necessarily. Now, thanks to GDPR, more European breaches will be made public. Unfortunately, even though technology has kept up with the latest attack methods and preventive solutions are available, it’s taken this kind of regulation to force awareness about the critical need to invest in security to protect your data.”


Paul Bischoff, privacy advocate at

“With British Airway’s disclosure of hackers carrying out a malicious attack on its website and mobile app and Air Canada suffering a similar fate just last week, there’s nothing like a fresh wave of data breaches to drive home the importance of the security of customer data. Somewhat encouraging is the admission that the BA attack did not compromise travel or passport details, but it has still had a knock-on effect to BA’s share prices, which have dropped 4% since the disclosure. yesterday published its own study that looks at share prices in relation to data breach disclosures and the effects are immediate and negative. It’s a stark reminder to companies that hold personal information on customers that hackers will come for them, the question is: are they ready?”


Timothy Bedard, Director of Product Marketing – TID Solutions, OneSpan:

“As the British Airways breach details become publicly known, this is yet another reminder of reality we live in today. It is not a question of “if we get breached”, it is a question of “when we will be breached.” Well, the breach has happened and British Airways has started to notify impacted customers while trying to minimize the brand recognition hit. But, while British Airways manages the negative publicly and potential GDPR fines, the real victims in this scenario are the British Airways customers. Once fraudsters have their personal information (i.e. name, email addresses, and credit card information), they will be able to access their personal bank account(s), open new accounts in their name, or use their personal information to make fraudulent purchases. Or, they could sell their personal information to other fraudsters on the dark web.

The key lessons from the British Airlines breach are threefold – one, breaches will continue to fuel fraud, account takeover and application fraud; two, combined with poor password hygiene, fraud will continue to rise; and three, no password is safe; every password is vulnerable – so British Airways customers, change your passwords today!”