RiskIQ, the security firm, told outlets on Tuesday (Sept. 11) that the data breach at British Airways was due to credit card skimming installed by malware hackers.
According to reports, Yonathan Klijnsma, a threat researcher at RiskIQ, told the outlet that the same group of hackers that breached Ticketmaster may be behind the attack at British Airways, in which more than 380,000 credit cards were compromised. The researcher said the group was highly targeted in their approach, and that the British Airways breach was part of a broader plot to steal records from various websites.
“This British Airways attack was just an extension of this campaign,” said Klijnsma. “This attack is a simple but highly targeted approach compared to what we’ve seen in the past with the Magecart skimmer, which grabbed forms indiscriminately. This particular skimmer is very much attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer.”
Last week, British Airways announced that it was hit by a customer data breach on its website and mobile app, affecting around 380,000 card payments. The airline told CNBC that the breach took place from Aug. 21 to Sept. 5 and is now resolved. The hack has been reported to the authorities, including the U.K. Information Commissioner’s Office (ICO). British Airways said the stolen data did not include travel or passport details.
“We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously,” said Alex Cruz, British Airways’ CEO, according to Financial Times. The airline advised any customers who believe they may have been affected by the incident to contact their banks or credit card providers.
This is just the latest breach to hit an airline. In fact, there were 1,000 cyberattacks on aviation systems every month during 2016, according to the European Aviation Safety Agency. That same year, Vietnam Airlines had to complete its operations at airports by hand after hackers took down its website. Last year, LATAM Airlines and Ukraine’s Boryspil International Airport were both hit by ransomware.