Originally Posted by
DaveReidUK
It may be a naive question, but if the offending script has been identified and examined, would it not contain pointers to the culprits' server that it had been sending the captured credit card details to ?
It does: all data was sent to a cloud hosting site/VPS in Lithuania. Neither BA or British law enforcement bothered to contact the hosting company, instead it was brought to their attention by a member of the public several days after BA issued their alert.
https://www.scmagazineuk.com/amp/upd...rticle/1492560