British Airways recently (early September 2018) announced that its systems had been breached, and the personal details of 380 000 customers stolen in a two-week hack lasting from the 21st of August to the 5th of September. This is one of the largest data breaches ever suffered by a British company!
The information stolen consisted of names, addresses and bank details, including the CVC security codes on the backs of people’s bank cards.
According to RiskIQ, a firm specializing in data security, it only took 22 lines of code inserted into BA’s online payment system to extract this data and send it to whoever instigated the hack.
BA probably only reported the details of the hack so soon after it happened due to EU regulation stating that unless companies report details of such data breaches within 72 hours of their discovery, they could face hefty fines.
Even with the prompt reporting, this breach could still have serious implications for the victims, as the information had probably already been sold on to criminal organizations before the breach was announced.
This is a ‘textbook’ example of a very straightforward cybercrime: a criminal organization (probably, though not necessarily, not a lone actor or even a small group here!) simply inserts 22 lines of code into one of the pieces of software being run on BA’s website and there you go, after 2 weeks, 380 000 potential victims!
It’s a perfect example of how the sheer scale of cybercrime is so much greater than most ‘real world’ crimes. It simply isn’t possible to victimize that many people in one crime-event for most other crimes.
It’s also a great illustration of the uncertainties we face in ‘risk society’. I mean, you expect a company like BA to be able to keep your data safe, but not even they can manage it. Also, while I would guess that it’s some kind of global organized crime group that’s committed this crime, I don’t know for certain who did it, or where they were based, or where this information has gone.
It’s also possibly an argument against neoliberalism: BA had to ‘fess up’ to this crime because of EU data protection regulations. The chances are that, without such regulation, BA would have kept this under wraps much longer, increasing the chances of people having their bank details actually used to do them financial harm.
A frugal lifestyle could form part of an effective strategy to protect yourself against data theft. If you’re a proper tight-wad, then you’d want to avoid holidays abroad and thus be much less likely to purchase flights online, providing criminals with less opportunity to pilfer your data!
Information mostly from The Week, issue 1193.