British Airways Details

    Organization Logo

    British Airways

    London, United Kingdom employees • Transportation

    Industry

    Transportation

    Security Incidents

    1

    British Airways plc is the flag carrier airline of the United Kingdom. It is headquartered in London, England, near its main hub at Heathrow Airport.

    Security Incidents

    British Airways Breach of Oct 2023
    Severity Score
    High

    Type

    Data Breach

    Summary

    In October 2023, British Airways experienced a significant security incident that led to the temporary suspension of its Tel Aviv service. This incident underscored ongoing security challenges for airlines operating in sensitive regions. Previously, British Airways had been fined £20 million by the UK Information Commissioner’s Office for a GDPR violation stemming from a data breach that occurred between June and September 2018. During this breach, an attacker redirected customer payment card data to a fraudulent site, compromising personal data for approximately 430,000 individuals, including...
    Show more

    Severity

    The cyber security incident affecting British Airways in October 2023 was quite severe, involving a criminal hacking gang using minimal code to exfiltrate sensitive credit card data from hundreds of thousands of customers. This breach not only targeted British Airways but also impacted major UK entities like BBC and Boots through vulnerabilities in a third-party payroll provider, affecting over 100,000 employees. Given the wide-reaching impact, sophisticated methods, potential for future attacks, and severe repercussions for the affected organizations and individuals, the incident would be rat...
    Show more

    Impact

    The incident at British Airways resulted in a significant data breach, exposing the credit card information of hundreds of thousands of customers to cybercriminals. Additionally, the personal data of over 100,000 staff members from prominent UK companies, including British Airways, BBC, and Boots, was compromised, raising concerns about potential misuse of employee data. The breach notably affected customer data such as names, addresses, payment card details (including CVV), and log-in credentials, including sensitive information from BA Executive Club accounts. The UK Information Commissioner...
    Show more