The story below is brought to you as educational material and is in no way a criticism towards British Airways' security operations. At the time

The Third-Party Script Breach That Shook The World

submited by
Style Pass
2024-11-05 03:00:08

The story below is brought to you as educational material and is in no way a criticism towards British Airways' security operations. At the time of the attack insufficient security tooling existed to detect attacks leveraging 3rd party resources. To this day the majority of tooling is unable to detect advanced attacks of this particular type.

It happened between August 21 and September 5 2018. During those 16 days, a sophisticated cyberattack hit the British Airways website and app. It exposed the personal data of roughly 300,000 to 500,000 customers.

Payment data were copied and sent to baways.com, a domain that looks very much like the official website and set up specifically to deceive.

This is not just a chilling story from the past. Every day, somewhere, a company faces this kind of challenge. The British Airways hack in 2018 made headlines all around the world and kept the airline in a hot seat for years. The 2018 British Airways Data Breach reminds us of the ever-present threat of cyberattacks.

In this case, the ICO proposed an unprecedented fine of over £183 million for failing to keep customers' data safe. Some of the details of the breach remain undisclosed to this day.

Leave a Comment