, ,

ANOTHER British Airway’s Data Breach

british airways data breach

Yes, that was our reaction too! A vulnerability with British Airway’s check-in procedures has, once again, exposed passenger information. Astonishingly, this comes just weeks after The ICO announced plans to fine British Airways £183.93 million for its 2018 data breach.

What has happened in the third BA data breach?

Researchers at security firm Wandera have uncovered unencrypted links within BA’s e-ticketing process. They warned that this vulnerability means attackers could easily intercept these links to access and change the flight booking details and personal information of passengers.

A spokesperson from Wandera said:

“In an effort to streamline the user experience, passenger details are included in the URL parameters that direct the passenger from the email to the British Airways website where they are logged in automatically so they can view their itinerary and check-in for their flight.

 “The passenger details included in the URL parameters are the booking reference and surname, both of which are exposed because the link is unencrypted.”

Email addresses, phone numbers, membership numbers, first and last names, booking references, itinerary, flight numbers, flight times, seat numbers and baggage allowances could also be exposed.

BA is not alone

The threat was discovered last month. It came to light after someone from the Wandera research time accessed BA’s e-ticketing system from its network. But BA is not alone. The security firm also discovered similar weaknesses affecting several other airlines. This includes Southwest, KLM, Air France, Jetstar, Thomas Cook, Vueling, Air Europa and Transavia.

Speaking about the risk to passengers, Israel Barak, chief information security officer at cybersecurity company Cybereason, said:

“For the consumer flying with British Airways, or with other carriers, they should be working under the assumption that their personal information has been compromised many times over. “

Already helping hundreds of BA passengers to claim compensation following the 2018 BA data breach, data protection expert and managing director at Hayes Connor Solicitors Kingsley Hayes added his insight into this matter. He said:

“While this latest issue is not limited to British Airways, after recently experiencing two high-profile data breaches, the company should be taking customer security far more seriously.

“You would have thought that – at the very least – BA would have ensured robust encryption was in place at each and every point personal information is processed. But clearly, the threat of a huge fine from the ICO isn’t enough for BA to take its data protection responsibilities seriously enough.

 “The airline must now undertake an in-depth and thorough review of all its processes to make sure that it isn’t putting customers at further risk of cybercrime. Although, that might be too little too late given the damage already done.”

Can you make a BA data breach claim?

It is unclear if the latest breach has led to any customers suffering losses as a result. If you feel that you may have been affected, and have evidence of any loss or fraudulent activity please let us know.

Or, find out more about joining our 2018 data breach group action here.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action.