BA hacked but they're 'deeply sorry'
Join Date: Aug 2007
Location: inv
Posts: 346
About the potential half billion fine. It could well be written into the outsourcing contract that any fine etc. be paid by the outsourcing company and not BA. So other than reputational damage it could be BA walks away scot-free.
Join Date: Jun 2007
Location: Highbury, London
Age: 66
Posts: 61
I would be utterly appalled if they weren't - unless they've bullied their acquirer into submission on the basis of their scale and throughput (aka the richness of the pickings for the acquirer). They should at any rate have a shedload of PCI-DSS auditors all over them at the minute. I'm not sure that outsourcing IT transfers the responsibility, either.
Posted this on the AAR thread...
I travel all the time like many on here and will happily moan about using Ryanair - but most of the time they will get me there on time, no issues. I've used them 30-40 times in the last 18 months and they are rarely late, if a bit uncomfortable.
I have used BA twice in the last year - first time a return to TLV; there was a total baggage system failure. And now my second trip to NCL, this happens. It’s not really good enough is it?
I didn't lose any money (I've seen some pictures on social media of affected transactions). I did however block my card before going travelling again as banks don’t send cards to hotels or other locations which aren’t your home. In the meantime I still have to pay for flights and hotels on my personal rather than business card. Frustrating.
As for Cruz, I'm not really sure how he still has a job - he seems to be made of teflon over the last couple of years. Aside from strong financial performance, the airline has regressed into a lower division when it comes to product.
Join Date: Jul 2012
Location: Cambridge, UK
Age: 47
Posts: 14
I really don't want to defend BA, but...
...I don't think that one can be blamed on them. I'd imagine all airlines were affected. Equally...
...every company is hackable. BA's loss isn't even particularly big. Heartland Payment Systems lost 130 million cards, TKMaxx lost 94m and Sears lost 90m. The best security techniques will eventually be bettered by those that value the data hidden away. With the information revealed so far, I've a good idea what might have happened, and many companies would be at risk of a similar attack.
American Express will, on some accounts. In fairness, you do pay handsomely for the services they offer, but they can be good value.
Once again, omnishambles seems to sum up BA’s operation. At least it’s never a dull moment working there. Like many of the staff, I often wonder what we could have achieved had we been led by decent management. But then, you only have to look at the calibration of politicians running the country to see that it must be a cultural thing.
Join Date: Aug 2007
Location: UK
Age: 54
Posts: 31
I work in IT and unfortunately the cost cutting is rampant. Everything is being moved overseas (not that I am saying they are any less capable) but the testing time lines have been trimmed to almost non existent. There was a time when we used to say the testing of our code should be 10 times the actual writing time. Unfortunately, testing is one of the items that has been stripped to the core. Automated testing can NOT match personal testing (rant over). TVDH
Tabs please !
I have visited a few offshore IT establishments and their security has to be seen to be believed. My car was inspected including the underside where the security chap used a pole with a mirror to check for goodness knows what. I doubt he would have recognised anything out of the ordinary. My team were then met by another security bloke who was 5 foot one and weighed about 50 kilos. He sported a baseball cap with a swastika and the word "Security". The symbol is a Hindu good luck charm but my colleagues and I had a little bit of trouble keeping a straight face. We were searched and the camera on our mobiles was spotted. This was resolved (I kid you not) by placing a piece of sticking plaster over the lens and we were then allowed to take our phones on site. The camera lenses on our laptops were ignored.
The following day, we held our phones in our hands above our heads while being searched and walked in minus the sticking plasters.
Join Date: Aug 2007
Location: UK
Age: 54
Posts: 31
B Fraser, I know the feeling. Worked in India rolling out software. Was not allowed to take a pen into the call centre in case I wrote down a credit card number!! Despite the fact that I had FULL admin privileges to the entire company's databases :-) ...... not that the databases held credit card details (but you get my drift). The most worrying thing about this "breach" is that CVV details should NEVER be held!
Last edited by Theviewdownhere; 10th Sep 2018 at 08:33. Reason: more info
Join Date: Jan 2007
Location: Liverpool
Posts: 33
On a laptop ? You're kidding, of course.
If your users have admin access to policies on your PCs, then the presence or absence of USB ports is the least of your problems.

I work in networking in the US. You do NOT want me to start telling stories about security breaches. I'll share one. Last Nov I was asked to go onsite at the federal IRS office in a large US southern state. I went to some of the storage systems where they keep taxpayer records. I typed in the default root password for the machine and on 7 of 11 of the systems - I was into their storage subsystem as root login. I told the on-site wunderkind who had to be all of 19 years old. He said they had already 'hardened them'. I said it needs to be harder than hard. They also have offsite management networks that breach the comms firewall with no VPN. Oye.....
Join Date: Jan 2008
Location: Esher, Surrey
Posts: 466
https://www.bbc.co.uk/news/technology-45481976
"A cyber-security firm has said it found a malicious script injected into the British Airways website, which could be the cause of a recent data breach that affected 380,000 transactions.
A RiskIQ researcher analysed code from BA's website and app around the time when the breach began, in late August.
He claimed to have discovered evidence of a "skimming" script designed to steal financial data from online payment forms.
BA said it was unable to comment."