British Airways Data Breach Leaves Mobile Payments Users Threatened

September 11, 2018         By: Steven Anderson

By now, we all likely know that a data breach is no longer a matter of if, but rather when, for just about every company out there. The latest such breach hit no less than British Airways, who took a data breach in both its website and its mobile app, a strike sufficient to compromise somewhere around 380,000 cards in the system.

The breach itself took place somewhere around August 21 and September 5, which means it was caught reasonably quickly, and from there, British Airways started letting customers know. The breach itself has been resolved, the relevant matters reported to proper authorities, and any customer who believes they’ve been impacted by this should report the matter to their own bank or credit card issuer.

There’s even some good news out of this, as the data involved didn’t touch travel itineraries or passport details. Cold comfort, perhaps, but comfort nonetheless.

Airlines and airports have proven surprisingly popular targets for data breaches lately. The European Aviation Safety Agency noted there had been 1,000 attacks every month during 2016, a figure which is likely an average but still disturbing nonetheless. Objectively, several recent attacks have hit airlines, including a breach at Air Canada just a week ago, and a breach back in April connected to Delta Air Lines software provider [24]7.ai.

Airlines are rich targets for hackers, thanks to the sheer amount of information they’re required to keep as part of everyday operations. From addresses to credit card data to passport information, it’s prime hunting territory for immediately useful information. Airline information is useful in credit card fraud, identity theft, stalking, and much more; it’s not just about the basic numbers and addresses, but rather also about where customers are going to and coming from. So airlines, therefore, need to have a higher level of security than other businesses, starting not only with perimeter defense, but also extending to direct encryption of records.

Airlines normally do quite well with protecting data—that we haven’t seen more data breaches than we have already is proof of this—but with so many attacks taking place, it’s hardly a time to rest on an industry’s collective laurels.