british airways data breach
, ,

ANOTHER British Airway’s Data Breach

Yes, that was our reaction too! A vulnerability with British Airway’s check-in procedures has, once again, exposed passenger information. And astonishingly, this comes just a few weeks after The ICO announced plans to fine British Airways a whopping £183.93 million for its 2018 data breach.

What has happened in the third BA data breach?

Researchers at security firm Wandera have uncovered unencrypted links within BA’s e-ticketing process. Furthermore, they have warned that this vulnerability means that attackers could easily intercept these links to access and change the flight booking details and personal information of passengers.

Talking about the breach, a spokesperson from Wandera said:

“In an effort to streamline the user experience, passenger details are included in the URL parameters that direct the passenger from the email to the British Airways website where they are logged in automatically so they can view their itinerary and check-in for their flight.

 “The passenger details included in the URL parameters are the booking reference and surname, both of which are exposed because the link is unencrypted.”

Email addresses, phone numbers, membership numbers, first and last names, booking references, itinerary, flight numbers, flight times, seat numbers and baggage allowances could also be exposed.

The threat was uncovered last month, after someone from the Wandera research time accessed BA’s e-ticketing system from its network. But BA is not alone. The security firm has also discovered similar weaknesses affecting several other airlines. This includes Southwest, KLM, Air France, Jetstar, Thomas Cook, Vueling, Air Europa and Transavia.

Speaking about the risk to passengers, Israel Barak, chief information security officer at cyber security company Cybereason, said: “For the consumer flying with British Airways, or with other carriers, they should be working under the assumption that their personal information has been compromised many times over. “

Already helping hundreds of BA passengers to claim compensation following the 2018 BA data breach, data protection expert and managing director at Hayes Connor Solicitors Kingsley Hayes added his insight into this matter. He said:

“While this latest issue is not limited to British Airways, after recently experiencing two high-profile data breaches, the company should be taking customer security far more seriously than it is.

“You would have thought that – at the very least – BA would have ensured robust encryption was in place at each and every point personal information is processed. But clearly, the threat of a huge fine from the ICO isn’t enough for BA to take its data protection responsibilities seriously enough.

 “The airline must now undertake an in-depth and thorough review of all its processes to make sure that it isn’t putting customers at further risk of cybercrime. Although, that might be too little too late given the damage already done.”

Can you make a BA data breach claim?

At the moment, it is unclear if the exposure of personal and sensitive data in this latest breach has led to any customers suffering losses as a result. If you feel that you may have been affected, and have evidence of any loss or fraudulent activity please let us know.

Or, you can find out more about joining our 2018 data breach group action here.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action.

REGISTER NOW

ba data breach
, , ,

What evidence do you need to join the BA data breach?

The ICO has announced plans to fine British Airways (BA) a whopping £183.93 million for its 2018 data breach. As a result of the data hack, almost 400,000 British Airways customers had their personal details and bank cards stolen. Enough details were exposed to make the threat of cybercrime a real possibility. Many banks had to cancel and re-issue cards as a result of the breach.

And, while cybercriminals caused the breach, the ICO is coming down strong on BA. This is because the privacy violation was only possible due to inadequate security arrangements at the airline.

However, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach. As such, we have launched a group action to help victims of the BA data breach to get the compensation they deserve for their losses. And, we are currently collating valuable information about how this privacy violation has affected people to help us make the strongest claim possible.

What do you need to join our BA data breach?

To join our BA group action, we need evidence that your data was put at risk by the data breach. British Airways claims that it has emailed everyone involved in the violation, so if you still have that email, we can use that to start your claim.

However, in some cases, victims of the British Airways breach may not have received this email. For example, it might have gone into your spam folder. As such, we would advise you to check to make sure you haven’t received an email from the company (but do not click on any suspicious links).

Of course, if the email did go into your spam folder, it may have already been automatically deleted. If this is the case, you will need to provide alternative evidence.

If you haven’t got the email from BA, you can provide:

  • Evidence that you purchased tickets from BA on or between 22.58 on the 21st August 2018 and 21.45 on the 5th September 2018. Only people who bought tickets during this specific timeframe were impacted by the data breach
  • Evidence of any fraudulent transactions/attempts/alerts/cancelled cards that relate specifically to the card you used to purchase tickets from BA
  • Confirmation that, as far as you are aware, your card was not put at risk by another data breach.

What if you haven’t suffered any losses?

If you did use your card to purchase tickets during the above period, but haven’t yet been the victim of any fraudulent activity, this doesn’t mean that you are safe. Often data stolen by cybercriminals is used in batches over time. So, the losses incurred by a data breach are not always immediately apparent.

As such, if you used your card during the affected period, and are worried that you could be at risk, you can still let us know.

What can you do if you were affected by the British Airways data breach?

At Hayes Connor Solicitors, our BA group action allows people affected by this breach to bring a claim on a collective basis. This strengthens their overall position and increases their chances of success.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action

To join our British Airways data breach action compensation claim, register with us today. We can help you claim compensation for financial losses, as well as for inconvenience and distress.

REGISTER NOW

british airways breach
, ,

Don’t leave it too late to join the British Airways data breach

This week, the ICO said that it is considering fining British Airways a staggering £183 million for its part in one of the most severe cyber-attacks in UK history. This is because, while cybercriminals hacked the airline, the British Airways data breach was only possible due to inadequate security arrangements.

As a result of the data hack, almost 400,000 British Airways customers had their personal details and bank cards stolen. Enough details were exposed to make the threat of cybercrime a real possibility. Many banks had to cancel and re-issue cards as a result of the breach.

Don’t leave it too late to join our No Win, No Fee, BA data breach compensation case

At Hayes Connor Solicitors, we are taking a group action against British Airways to help victims of this data breach to claim compensation. We can help you claim compensation for financial losses, as well as for inconvenience and distress.

Make sure you don’t miss out on the compensation you deserve!

Since the data breach, we have been contacted by hundreds of people who were put at risk by BA. And, if you have been in touch about joining this case, it’s vital that you now complete and return the information we have sent to you (links included in our initial documentation).

If you have misplaced this information, or if you require copies, please do not hesitate to email us at enquiries@hayesconnor.co.uk

What if you haven’t previously contacted Hayes Connor Solicitors about the BA data breach?

The action that we are taking against BA is still open to you to join. But, as we have already started our group action case, it is vital that you register with us ASAP.

What is a group action case?

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-party actions.

With a group action claim, this group of people (the Claimants) collectively bring their cases to court against a Defendant. In this case, British Airways. These victims then fight together to achieve compensation in the High Court of Justice.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

What does the ICO fine mean for this case?

Investigating why the British Airways data breach was able to happen, the ICO found that information was able to be compromised by inadequate security arrangements at BA. This means that BA will be held responsible for its failure to protect customer data. But, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach.

However, we can use the evidence uncovered by the ICO to make a very strong case. So, if your data was put at risk by BA, you should now make a data breach compensation claim.

To join our British Airways data breach group action compensation claim, register with us today.

REGISTER NOW

 

British Airways data breach
,

British Airways to be fined £183m after customer data breach

Last year, almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. In response, the airline is now facing a staggering £183 million penalty by the Information Commissioner’s Office (ICO).

However, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach. So, if your data was put at risk by BA, you should now make a data breach compensation claim.

What has the ICO said about the British Airway’s data breach?

Commenting on the proposed fine, Information Commissioner Elizabeth Denham said:

“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.

“That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways has said that it is surprised and disappointed about the huge penalty.  However, this is still only worth 1.5% of its worldwide turnover. What’s more, under data protection rules, the fine could have been as large as £488 million. So BA could be getting away lightly.

Despite this, BA is hoping to appeal. And, the ICO has said that it will “consider carefully” the representations BA makes as well as other concerned data protection authorities before it takes its final decision.

What did British Airways do wrong?

British Airways customers had their details stolen over 15 days in a massive data breach. The attack put the personal and financial information of customers making bookings at risk. Enough details were exposed to make the threat of cybercrime a real possibility. Also, many banks had to cancel and re-issue cards as a result of the stolen data. In total, about 380,000 transactions were affected.

Investigating why this breach was able to happen, the ICO found that information was able to be compromised by inadequate security arrangements at BA.

Commenting on the proposed penalty, Kingsley Hayes, managing director at Hayes Connor Solicitors said:

“This is the most significant penalty ever handed out by the ICO, and the first to be made public under the new GDPR. With such attacks often having a devastating effect on victims, we are delighted that the ICO is taking the BA data breach so seriously.

“From the start, BA has tried to delay acting on its responsibilities to its customers. For example, when the breach first happened, it said that compensation claims would be discussed on an ‘individual basis’. However, it was never up to the airline to dictate the terms of any compensation payments.

“Following the ICO’s announcement, it looks like the company is still not taking responsibility for its data protection failures in so far as its customers compensation claims are concerned and their lawyers still fail to take a proactive approach to resolving those”.

What can you do if you were affected by the British Airways data breach?

At Hayes Connor Solicitors, we are taking action against British Airways. The action allows people with the same type of claim to bring it together on a collective basis. This strengthens their overall position and increases their chances of success.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action

To join our British Airways data breach action compensation claim, register with us today. We can help you claim compensation for financial losses, as well as for inconvenience and distress.

REGISTER NOW

data breach compensation
, , ,

How has the British Airways data breach hurt passengers?

At Hayes Connor Solicitors, we’re helping victims of the British Airways data breach to claim compensation after their personal information was put at risk by the airline. An organisation they trusted to look after it.

But all too often, we hear accusations that the people trying to recover from the BA data breach are “trying to get something for nothing”.

However, data privacy breaches can have a severe and often lasting impact on those affected. As such, we believe it is vital that organisations like BA are held to account for their failure to protect our personal information.

Brand loyalty is all well and good, but it’s vital that we don’t put the needs of big companies above the rights of customers.

Here’s why we believe it’s essential that people are able to hold businesses like BA to account.

The financial impact of cybercrime can be very harmful

Cybercrime can result in financial fraud and identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Despite claims from BA that it had not received reports of fraud resulting from the attack on its systems, in November last year it was reported that Russian hackers might have made millions selling credit card details stolen from BA customers.

And, even if nothing has been done with that information as yet, it doesn’t mean the stolen data is safe.

Working exclusively on data breach and cybercrime cases, it has become clear to our solicitors that the impact and losses people sustain following a data privacy violation are not always immediately apparent. Indeed, in the Ticketmaster data breach, we are starting to see cases where the impact only became clear months later. This is often because data stolen is used in batches over time.

To date, 63% of all the clients we took on in the Ticketmaster data breach case suffered multiple fraudulent transactions on their payment cards.

So, as yet it’s impossible to say how many people have been impacted by the BA data breach, and to what extent.

Certainly, according to an article in The Metro, at least one BA customer is reported to have suffered fraudulent activity on their credit card, which was used to book a BA flight during the time the data was at risk.

Your mental health matters

Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is “no harm done.”

Being the victim of a crime can have a sizable and lasting impact on you mentally and physically. Everyone copes differently, but for some the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. Some data breach victims become paranoid and oversensitive about their personal privacy and can go on to develop depression.

Thankfully, over the last few years, people are waking up to the reality of mental health, and there is a greater awareness about the lasting effects of physiological suffering and anguish.

For example, following last year’s Ticketmaster data breach, 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen. And, like the financial losses, often the full impact wasn’t felt until much later.

“The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

Victim Support

Despite this, the emotional impact of data breaches is still not being taken seriously by those organisations we trust to look after our sensitive information. And we believe this to be true in this case.

Following the BA data breach, the airline said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments. And it is certainly not clear how (or indeed if) BA intended to evaluate the emotional impact the data breach had on its customers.

“As a result of increased volumes of data breach incidents, lawyers and experts are using their respective skills to assess the psychological and social consequences, symptoms and ‘injuries’ in reliable and valid ways. Structured interviewing, psychometric assessment and perusal of medical and occupational records are all part of this process”.

Professor Hugh C. H. Koch visiting professor in law and psychology at Birmingham City University School of Law and clinical psychologist

Loyalty works both ways

Should a data breach happen, we would expect the organisation in question to do everything in its power to keep its customers safe and prevent further damage. But this doesn’t seem to be the case following the BA data breach.

Some customers have complained that they have not been contacted by British Airways about the data breach, despite having seen fraudulent activity on their payment cards. Others have complained about BA advising customers to go to their bank for advice, rather than issuing its own instructions to help travellers stay protected.

 Speaking to The Telegraph, one BA customer said: “I saw the tweet, that was the first I knew of it.” He added: “I’ve not heard anything from them on this and I’ve just had to cancel the card I used. They’re a shambles.”

Another customer said she had been left vulnerable after being forced to cancel her bank card while travelling alone in the middle of Vietnam. She tweeted that she was “furious” with the airline and that she only found out about the data breach from news; before BA had the decency to her that she was likely affected.

She went on to tweet: “All companies have problems, some of them will affect their customers. That is a simple fact of business. How the company reacts, communicates & cares, is everything.

“British Airways are failing badly on this. I can’t even get a team manager in their call centre to call me.”

 While another BA customer told the BBC: “I have six cards linked to my BA account. I have no idea how much of my data information has been stolen. I will have to go to each of my credit card providers, cancel the cards, and all the direct debits, etc., related to those cards. This will take a long time, something I have to do with no help from BA”.

 Make a British Airways compensation claim with Hayes Connor Solicitors

At Hayes Connor, we want to reduce the number of data violations taking place across the UK.

To do this, we are helping to raise awareness of data breaches and cybercrime, and educating people and businesses to prevent similar infringements from happening. For more advice on how to keep your data safe, follow us on Twitter and Facebook.

But, where a breach has already occurred, it’s vital that you can recover your losses. We could be talking about one of the most severe data breach cases to hit the UK, so it’s critical that people can get the help they need.

To join our British Airways data breach group action compensation claim, you will need to register with us. We’ll let you know what is happening in this case and if and when you can make a BA data breach compensation claim.

 REGISTER NOW

data breach
, , ,

Should you hold British Airways responsible for its data breach?

At Hayes Connor Solicitors, we’re helping victims of the British Airways data breach to claim compensation after their personal information was put at risk by the airline.

However, in our work we often hear people talking about how companies like British Airways (BA) should not have to pay for the acts of unscrupulous hackers. And it’s true that cybercriminals are becoming increasingly sophisticated. But this doesn’t let negligent organisations off the hook.

The truth is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. We believe that this was the case at BA.

As such, claiming compensation isn’t just in your best interests. The only way big organisations will be persuaded to take their data privacy responsibilities seriously and make improvements is by hurting their bottom line.

Brand loyalty is all well and good, but it’s vital that we don’t put the needs of big companies above the rights of their customers.

Crucially, if BA had done everything in its power to protect its customers’ data, and had robust security processes in place, it is unlikely that a claim for compensation would be successful. This is why we usually wait for the results of an investigation by the Information Commissioner’s Office (ICO) before starting a group action.

So, was BA responsible for the data breach? Let’s look at the facts.

  1. British Airways didn’t spot the data breach for two weeks

In September last year, it was revealed that almost 400,000 BA customers had their bank card details stolen in one of the most severe cyber-attacks in UK history.

Worryingly, the hack went undetected for two weeks before BA told its customers about the breach and reported the incident to the police. BA has admitted that the hackers spent more than a fortnight accessing data online and we believe that this is a significant failure by BA – one that increases the risk to passengers substantially.

With 12 days between the BA data breach occurring and the incident being detected, questions have been asked as to whether poor systems made this cyber-attack worse.

  1. British Airways uncovered a second data breach when investigating the first

To make matters worse, when investigating this case, a second data breach was also spotted at the airline.

In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. And, a further 108,000 people had their personal details stolen. This hack could have left customers exposed for months.

  1. Hackers could already have made millions from the British Airways data hack

Russian hackers may have made millions selling credit card details stolen from BA customers. Research has found that stolen data was put up for sale on the dark web about a week after the BA breach. Hackers were charging between £7 and £40 (approximately) for each card’s worth of information.

BA says it has not received reports of fraud resulting from the attack on its own systems.

  1. The British Airways hack might have been caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent BA data breach. The group has been very active over the past three years. It is also thought to be behind the Ticketmaster data hack.

A report by RiskIQ states that clues link the same operation to the BA breach. The company said the code found on the BA site was very similar. However, the code was modified to suit the way the airline’s website had been designed. Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”. So the hack could have been very easily prevented.

Worryingly, in the Ticketmaster data breach case:

  • 63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards, and
  • 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

What’s more, it is becoming increasingly clear that the impact and losses people sustain following a data breach are not always immediately apparent. Indeed, in the Ticketmaster data breach, we are starting to see cases where the impact occurred months later. This is often because data stolen is used in batches over time.

So, as yet it’s impossible to say how many people have been impacted by the BA data breach, and to what extent.

  1. British Airways has been accused of not taking its responsibilities seriously following the data breach

Following the BA data breach, the airline said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments.

In response, customers took to the media to share their fury at the airline’s handling of the privacy violation.

According to an article in The Metro, one BA customer said “They talk about compensation to be discussed on a case-by-case basis. To me, this seems incredibly unprofessional.”

He added: “They are trying to not take full responsibility for it”.

The same customer is reported to have suffered fraudulent activity on his credit card, which he used to book a BA flight during the time the data was at risk.

Some customers have complained that they have not been contacted by BA about the data breach, despite having seen fraudulent activity on their payment cards. Others have complained about BA advising customers to go to their bank for advice, rather than issuing its own instructions to help travellers stay protected.

One BA customer told the BBC: “I have six cards linked to my BA account. I have no idea how much of my data information has been stolen. I will have to go to each of my credit card providers, cancel the cards, and all the direct debits, etc., related to those cards. This will take a long time, something I have to do with no help from BA”.

Make a British Airways compensation claim with Hayes Connor Solicitors

At Hayes Connor, we want to reduce the number of data violations taking place across the UK.

To do this, we are helping to raise awareness of data breaches and cybercrime, and educating people and businesses to prevent similar infringements from happening. For more advice on how to keep your data safe, follow us on Twitter and Facebook.

But, where a breach has already occurred, it’s vital that you can recover your losses. We could be talking about one of the most severe data breach cases to hit the UK, so it’s critical that people can get the help they need.

To join our British Airways data breach group action compensation claim, you will need to register with us. We’ll let you know what is happening in this case and if and when you can make a BA data breach compensation claim.

 REGISTER NOW

BA data breach
, , ,

What’s happening in the British Airways data breach group action?

Last year, almost 400,000 British Airways customers had their bank card details stolen in one of the most severe cyber-attacks in UK history. In response, our expert data breach solicitors are preparing to launch a British Airways data breach group action once the relevant investigations are complete.

What happened in this case?

British Airways has apologised after admitting that its customers’ details were stolen over a period of 15 days in a massive data breach. The attack put the personal and financial information of customers making bookings at risk. In total, about 380,000 transactions were affected.

We could be talking about one of the most serious data breach cases to hit the UK, so we quickly began to receive enquiries from concerned passengers.

Where are we up to?

We are currently preparing to launch a British Airways data breach group action. A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of success.

We have also sent a ‘Letter of Claim’ to BA and their solicitors. This shows them that we are serious about pursuing potential litigation on behalf of our clients.

We have also met with other solicitors who are also pursuing claims against BA for the data breach. We believe that a joined-up approach with these solicitors will allow us to proceed on a similar footing with the other claimants, and maximise our chances of success.

Why claim against a victim of a cyber-attack?

It’s true that cybercriminals carried out a “sophisticated, malicious criminal attack” on the British Airways website.

But this doesn’t let BA off the hook. These hackers spent more than two weeks accessing data online before the hack was spotted and reported. This increases the risk substantially. So it’s unlikely that

BA did everything in its power to protect your data or had secure security processes and procedures in place.

The reality is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, the only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

What should you do if you are worried?

For anyone worried that their data has been exposed by British Airways, you should:

  1. Determine what was stolen. To protect yourself as much as possible you need to know what kind of information was accessed in the data breach. British Airways should be able to advise you on this
  2. Contact your bank. If any financial information has been stolen, contact your bank or credit card provider immediately and explain that your account is at risk of fraud. As well as issuing a new card, the bank should be able to advise you if it detects suspicious activity on your account
  3. Change your passwords. If an online account (such as an email address) has been compromised, change the password right away. You should also change all other accounts that use the same password, and – if your email could be compromised – any accounts that could be accessed via your email. To keep you safe in the future, create a secure, unique password for each account (you might want to consider using a password manager to do this for you)
  4. Deploy additional security measures. If an app or website offers two-factor authentication to protect an account, use it
  5. Be vigilant. Beware of scammers using your stolen data against you. For example, don’t click on any links in emails asserting to be from your bank and always use the numbers they provide on their website if they ask to talk to you
  6. Sign up for a credit and/or identity-monitoring service. This will help you to monitor your financial accounts and sensitive personal information. Many organisations will offer such services free following a data breach but it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  7. Keep a record. Make a list of all the accounts that could have been accessed and note down why you are concerned about them
  8. Inform the Information Commissioner’s Office (ICO) about your concerns. At present, the ICO is investigating the British Airways data breach. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  9. Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

british airways
, , ,

BA admit to second cyber attack

Last week, we reported that a second cyber-attack had hit British Airways. The hack took place between April 21 and July 28 and was only uncovered as the airline was investigating another breach of its website which occurred in September.

August – September Data Breach

According to an update on the British Airway’s website, the company is investigating, as a matter of urgency, the theft of customer data from its website, ba.com, and its mobile app.

BA states that you may have been affected if you made a booking or paid to change your booking with a credit or debit card on ba.com or the mobile app between 22:58 BST August 21 2018 until 21:45 BST September 5 2018. It also recommends that you contact your bank or credit card provider and follow their advice.

You can find more details on the Aug-Sept BA data breach here.

 

April – July Data Breach

A further update on the BA website says: “Since our announcement on September 6, 2018 regarding the theft of our customers’ data, British Airways has been working continuously with specialist cyber forensic investigators and the National Crime Agency to investigate fully the data theft. We are updating customers today with further information as we conclude our internal investigation.”

It continues: “The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified”.

You can find more details on the Apr-Jul BA data breach here.

 

What was stolen?

The stolen data included some payment card numbers, expiry dates, and card verification value (CVV) numbers. In addition, in both cases, the hackers also gained access to personally identifiable information (PII) including names, addresses, and email addresses.

PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

It appears likely that both attacks were carried out by the same hackers, and could have gone on for months. There are also fears that customers’ details could be sold on the dark web to cybercriminals.

BA has said that it will contact everyone affected by both data breaches. If you have been told your data is at risk you should:

  • Contact your bank or card provider
  • Beware of fraudsters claiming to be British Airways who attempt to gather personal information (phishing). BA has said that it will NOT be contacting any customers asking for payment card details
  • Report any such requests to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Beware of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on any accounts that use the same passwords as your BA account.

Compensation for the BA data breaches

British Airways has previously promised to compensate any customers who suffer “financial hardship” because of the breach.

However, it is not up to BA to dictate the terms of any compensation payments. What’s more, in the UK it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Join our BA data breach group action

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of both BA data hacks.

Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

To join our group action, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to thousands of pounds in compensation.

REGISTER NOW

 

 

, , ,

BA hit by second cyber attack leaving thousands of customers at risk

A second cyber-attack has hit British Airways. The hack was discovered while the airline was investigating another breach of its website which occurred in September.

It appears that the earlier attack took place between April 21 and July 28. Over 185,000 people could have had their payment card details stolen.

Two separate groups of customers have been affected by the latest BA data breach:

  • 77,000 people have had their names, addresses, email addresses and detailed payment information taken. This includes card numbers, expiry dates, and card verification value (CVV) numbers
  • 108,000 people have had their personal details stolen, but not their payment card CVV numbers.

The hack went undetected for months; meaning BA customers have been exposed to fraud all this time. It appears likely that both attacks were carried out by the same hackers and there are fears that customers’ details will be sold on the dark web to cybercriminals.

A breach of the BA website in September affected 380,000 transactions. As in this latest case, along with the financial info stolen, the hackers also gained access to personally identifiable information (PII).

PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

BA has said that will contact everyone affected by the latest data breach.

What is happening now?

The September BA data breach is currently being investigated by the Information Commissioner’s Office and the National Crime Agency. It is possible that the airline could face huge fines as the violation occurred after the introduction of the General Data Protection Regulation which imposes strict data protection rules on organisations. This latest breach will also of interest to the regulators.

What should you do to protect yourself?

Signs that criminals have used your data or financial information following either of the BA data breaches include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

If you believe you have been affected by either BA data breach, please contact your bank or credit card provider immediately.

Compensation for the BA data breaches

Alex Cruz, the chairman and chief executive of British Airways, has previously promised to compensate any customers who suffer “financial hardship” because of the breach.

However, it is not up to BA to dictate the terms of any compensation payments.

What’s more, in the UK it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Join our BA data breach group action

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of both BA data hacks.

Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

To join our group action, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.

REGISTER NOW

British Airways breach caused by the same hackers as Ticketmaster
, , ,

British Airways data breach caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent British Airways data breach. The group has been very active in the past three years. It is also thought to be behind the Ticketmaster data hack.

Earlier this year we reported that cybersecurity analysts RiskIQ believed that the Ticketmaster data theft was part of a larger credit card scheme.

A new report by RisqIQ states that there are clues linking the same operation to the British Airways breach. The company said the code found on the British Airways site was very similar. However, the code was modified to suit the way the airline’s website had been designed.

“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”

Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”.

If the British Airways data breach was carried out by the same group, the threat to consumers could be much worse than thought. RisqIQ has said that it looked like the group behind the attack had decided to target specific brands, and that more breaches of a similar nature were likely.

What should you do about the British Airways data breach?

Regardless of who was behind the attack, British Airways was responsible for keeping your data safe, and this is something it has failed to do.

The British Airways data breach has compromised payment details and personal data. This information that can be used by cybercriminals to steal money from you, apply for credit in your name, set up fraudulent bank accounts and more.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation. British Airways has said that it has informed those involved, so if you have received this email let us know.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW