Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Tuesday 11 September 2018 1:07 pm

British Airways data breach: How hackers stole customers’ data

By: Joe Curtis

Add as a preferred source on Google

  British Airways’ breach last week was caused by the same group of hackers that targeted Ticketmaster, according to cyber security researchers.

The cyber attack resulted in 380,000 customers’ personal and financial details ending up in the hands of criminals, with the airline warning those affected to contact their banks and promising full compensation.

Read more: BA in data theft mess as 380,000 card payments 'compromised'

Cyber security firm Risk IQ quickly identified it as a website credit card so-called skimming attack, where hackers infiltrate third-party software embedded in other websites to copy details entered by unsuspecting users.

Today it pointed the finger at a hacking outfit known as Magecart, which was also blamed for a hack on Ticketmaster earlier this year affecting up to 40,000 customers.

But Risk IQ warned its latest attack was much more sophisticated.

Rather than targeting third-party software embedded into a website, which is a typical approach to online skimming, Risk IQ’s analysis found that Magecart compromised the site itself, copying and modifying BA’s code supporting payments to send the payment details unwitting travellers type in to its own server.

The app shared many similarities with the website, making it easy for hackers to adjust their technique to target travellers paying via their smartphones, too.

"This attack is a highly targeted approach compared to what we’ve seen in the past with the Magecart skimmer,” said Yonathan Klijnsma, head researcher at RiskIQ.

"This skimmer is attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site in particular."

The firm’s analysis found that Magecart operatives could have infiltrated BA’s site days before the hack began on 21 August. A web certificate on the attacker’s main server was issued on 15 August.

Rob Shapland, principle cyber security consultant at Falanx Group, said BA could have prevented the hack simply by tracking any changes to its website’s code.

Read more: BA boss promises compensation after data breach

“The malicious code that steals the credit card details was injected into the site and would change the source code, meaning that it would be relatively simple to flag up the difference as soon as it occurred,” he said.

“One thing we don't know at this time is how the code was inserted into the site, as this could mean that the hackers had further access to BA systems.​"

BA declined to comment, saying a criminal investigation remains underway.

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Business
  • Tech
  • Transport & Infrastructure

Trending Articles

  • Billionaire Easyjet founder in line for £800m payday from takeover

  • The former African gold miner taking on the billionaire Issa brothers

  • Tesco ‘in talks’ to exit eastern Europe

  • Pension pressure to help swell UK debt to three times size of economy

  • As it happened: FTSE 100 slump as oil soars; Trump says Iran will be ‘hit hard’ tonight

More from City PM

  • The Debate: Should CEOs be held personally accountable for cyberattacks?

    Opinion
    Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.
  • Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

    Business Wire
  • M&S to face shareholder grilling over cyber attack recovery

    Retail
    Marks and Spencer was one of three UK retailers to be targeted
  • Jaguar Land Rover eyes cost-cutting and wealthy buyers in cyber attack recovery

    Retail
    JLR logo prominently displayed in an automotive business setting, highlighting the companys brand presence and identity
  • Neo4j Acquires GraphAware to Launch Intelligence Analysis Alternative to Palantir Gotham

    Business Wire
  • Professional services firms the ‘flavour of the month’ for cyberattacks

    Prof Services
    The ICO said it initially planned to fine Capita a total of £45m, but this was later reduced by “mitigating factors”
  • ‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

    Tech
    GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.
  • Yubico Joins European Cyber Security Organisation (ECSO)

    Business Wire

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy · Facebook