Do you recall the recent British Airways hack in which about 380,000 customer payment card details were stolen from its network by hackers between August 21 and September 5 2018?

British Airways has now revealed that a further 77,000 payment cards, including CVV numbers, may have been hacked between April 21 and July 28, 2018.
 
  • Individuals who have been affected were those who made reward bookings between the dates above and who used a payment card. 
  • The hacked information included name, billing address, email address and card payment information, including card number, expiry date and CVV.

Just to add another layer of distress for customers the airline said a further:
  • 108,000 card details, without CVV numbers, were also skimmed from its systems during the same period.
In total that’s an additional 185,000 customer payment card details to add to the original 380,000.
But to muddy the waters British Airways said:
  • The original figure of 380,000 payment card details has been downgraded to 244,000. 
  • That said adding the recently disclosed figures means 429,000 payment card details have still been compromised.

Reassurance not reassuring

The airline is keen to point out that it has seen no evidence that stolen information has been exploited by cyber criminals.

Cathay Pacific recently said the same thing when almost 10 million customer records were lifted out of its systems by hacker.

However, the airlines are almost forced into making these statements to reassure jittery customers.
But because they haven’t seen any evidence doesn’t mean to say the data hasn’t already been exploited
  • An absence of evidence does not mean the stolen details haven’t yet been used. 
  • Fraudsters and spammers may already have exploited the data but it wouldn’t necessarily have been linked back the breach.

Coy

British Airways is still playing coy about how the attack happened. Passport and travel details weren’t compromised which suggests a payment system was breached.

Industry pundits believe that that malicious code was planted on the airline’s payments page.
  • The cyber crooks may have modified JavaScript files without disturbing its essential functionality. 
  • These scripts can include ads, analytics, widgets and other scripts that make the web more dynamic and interactive. 
  • JavaScript is fundamental to embedding ads, widgets and other dynamic features on website pages.

Who dunnit?

A hacker crew dubbed Magecart are believed to be behind the attack. They have an extensive history of stealing credit card and other details during online payment processes.

Their previous victims include dozens of online shops worldwide such as Ticketmaster during the summer, in which 400,000 card details were scammed.

Newegg hack

In September this year Californian online retailer Newegg began an investigation into an outbreak of malware on its systems that was designed to sniff customers' payment card details.

The company didn’t say how many card details may have been compromised but its monthly website traffic is estimated to be about 50 million visitors, most of whom live in the United States.

Magecart is also believed to be behind this attack.

The hacker crew specialises in "digital skimmer" software, that is, malicious code injected into a site and then used to intercept payment card data entered by an e-commerce website customer.

Just like the British Airways hack.