The British Airways data breach – don’t let a hacker take off with your money
Last week, British Airways warned customers that about 380,000 card payments on its website and app were ‘compromised’ during a 15 day data breach. ‘Compromised’ bookings, which seem to be all those made between 21 August and 5 September have had the personal and financial details of customers stolen.
British Airways says it was not a simple breach of the airline’s encryption, but a sophisticated criminal attack that hacked the system and copied data as it was entered during the purchasing process.
This is very embarrassing for BA, and probably very expensive when the fine arrives from the Information Commissioner’s Office.
But what about the customers whose data has been taken?
Are you affected?
The breach was a very serious one. The data stolen included name, email address and all credit card information including card number, expiry date and the three digit CVV code on the back of the card. This would give criminals everything they need to steal money from card accounts, and plenty to start a complete identity theft. Once fraudsters have your personal information, they may be able to access your bank account, or open new accounts in your name.
The airline said it was in the process of contacting all customers affected by the data breach and advising those customers to contact their bank or card provider. Cancelling affected cards, and ordering new ones seems to be the most prudent course of action. It is probably sensible to change their online passwords and keep a very close eye on bank and other online accounts, reporting suspicious activity and unknown purchases immediately.
It may also be wise to be very wary of emails that seem to refer to the breach. Scammers, as well as the original criminals, will be trying to take advantage of understandable fears about losing money.
Be especially vigilant from messages or even calls which claim to be from the police, or BA, and especially those which claim to be from your bank, and instructing you to transfer money into a new, ‘safe’ account. You are unlikely to see it again.
It’s also important to stay vigilant. When hackers have high-value data like card details, they will sell them on. Cardholders might not see the criminal activity on their cards for weeks, until the details have been sold on.
At least, if you do suffer any financial loss or hardship, the airline has promised to compensate you.
Keeping safe online
This incident shows that keeping safe online is a growing problem. While online security technology is moving ahead fast, criminal hackers will always be at work to find ways around it.
But there are some basics steps to keep yours safer, if not entirely safe online.
- Check your bank and credit card transactions weekly. If you see any unfamiliar or unusual activity, contact your bank immediately.
- Demand a new card. Banks and credit card firms might say it isn’t necessary. Why take the chance?
- Beware of ‘phishing’. Criminals will see the data breach as an opportunity to trick people affected into revealing information. When someone calls about an account, make sure the caller is really who they claim to be. Don’t click on any links in text messages or emails.
- Change your passwords. It’s good practice to use different passwords for different cards and accounts, and to change them regularly. Even better, use password safety vault software to store all your passwords for you.
theguardian.com – British Airways data breach: what to do if you have been affected – 7th September 2018