BA hacked but they're 'deeply sorry'


Old 8th Sep 2018, 16:49
  #41 (permalink)  
 
Join Date: Aug 2007
Location: inv
Posts: 346
Likes: 0
Received 0 Likes on 0 Posts
About the potential half billion fine. It could well be written into the outsourcing contract that any fine etc be paid by the outsourcing company and not BA. So other than reputational damage it could be BA walks away scot free.
Except facing a bill of this size would leave the outsourcing company bankrupt and then BA would still have to pay.
scr1 is offline  
Old 9th Sep 2018, 00:46
  #42 (permalink)  
 
Join Date: Mar 2015
Location: antipodies
Posts: 75
Likes: 0
Received 0 Likes on 0 Posts
Possibly we approach the point where your details as an air traveller who actually purchases stuff are worth more than the fare paid?
phylosocopter is offline  
Old 9th Sep 2018, 18:49
  #43 (permalink)  
 
Join Date: Jun 2007
Location: Highbury, London
Age: 66
Posts: 61
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by RickNRoll
Are they PCI Compliant?
I would be utterly appalled if they weren't - unless they've bullied their acquirer into submission on the basis of their scale and throughput (aka the richness of the pickings for the acquirer). They should at any rate have a shedload of PCI-DSS auditors all over them at the minute. I'm not sure that outsourcing IT transfers the responsibility, either.
3rd_ear is offline  
Old 9th Sep 2018, 19:36
  #44 (permalink)  
 
Join Date: Jan 2008
Location: Hotel Sheets, Downtown Plunketville
Age: 76
Posts: 0
Likes: 0
Received 0 Likes on 0 Posts
Is there any news on any individuals who have had money stolen from their credit cards?
Chronus is offline  
Old 9th Sep 2018, 19:40
  #45 (permalink)  
 
Join Date: Dec 2011
Location: UK
Posts: 952
Likes: 0
Received 1 Like on 1 Post
Posted this on the AAR thread...

I travel all the time like many on here and will happily moan about using Ryanair - but most of the time they will get me there on time, no issues. I've used them 30-40 times in the last 18 months and they are rarely late, if a bit uncomfortable.

I have used BA twice in the last year - first time a return to TLV; there was a total baggage system failure. And now my second trip to NCL, this happens. It’s not really good enough is it?

I didn't lose any money (I've seen some pictures on social media of affected transactions). I did however block my card before going travelling again as banks don’t send cards to hotels or other locations which aren’t your home. In the meantime I still have to pay for flights and hotels on my personal rather than business card. Frustrating.

As for Cruz, I'm not really sure how he still has a job - he seems to be made of teflon over the last couple of years. Aside from strong financial performance, the airline has regressed into a lower division when it comes to product.
Dannyboy39 is offline  
Old 9th Sep 2018, 22:55
  #46 (permalink)  
 
Join Date: Jul 2012
Location: Cambridge, UK
Age: 47
Posts: 14
Likes: 0
Received 0 Likes on 0 Posts
I really don't want to defend BA, but...

Originally Posted by Dannyboy39
I have used BA twice in the last year - first time a return to TLV; there was a total baggage system failure.
...I don't think that one can be blamed on them. I'd imagine all airlines were affected. Equally...

Originally Posted by Dannyboy39
And now my second trip to NCL, this happens. It's not really good enough is it?
...every company is hackable. BA's loss isn't even particularly big. Heartland Payment Systems lost 130 million cards, TKMaxx lost 94m and Sears lost 90m. The best security techniques will eventually be bettered by those that value the data hidden away. With the information revealed so far, I've a good idea what might have happened, and many companies would be at risk of a similar attack.

Originally Posted by Dannyboy39
I did however block my card before going travelling again as banks don't send cards to hotels or other locations which aren't your home.
American Express will, on some accounts. In fairness, you do pay handsomely for the services they offer, but they can be good value.
FrontSeatPhil is offline  
Old 10th Sep 2018, 06:20
  #47 (permalink)  
 
Join Date: Aug 2007
Location: england
Posts: 829
Received 0 Likes on 0 Posts
Once again, omnishambles seems to sum up BA’s operation. At least it’s never a dull moment working there. Like many of the staff, I often wonder what we could have achieved had we been led by decent management. But then, you only have to look at the calibre of politicians running the country to see that it must be a cultural thing.
hunterboy is offline  
Old 10th Sep 2018, 06:30
  #48 (permalink)  
 
Join Date: Feb 2003
Location: BHX LXR ASW
Posts: 2,258
Received 0 Likes on 0 Posts
Gone are the days when you could go into a BA shop and pay cash or write a cheque for your flight!
crewmeal is offline  
Old 10th Sep 2018, 08:05
  #49 (permalink)  
 
Join Date: Aug 2007
Location: UK
Age: 54
Posts: 31
Likes: 0
Received 0 Likes on 0 Posts
I work in IT and unfortunately the cost cutting is rampant. Everything is being moved overseas (not that I am saying they are any less capable) but the testing timelines have been trimmed to almost non-existent. There was a time when we used to say the testing of our code should be 10 times the actual writing time. Unfortunately, testing is one of the items that has been stripped to the core. Automated testing can NOT match personal testing (rant over). TVDH
Theviewdownhere is offline  
Old 10th Sep 2018, 08:17
  #50 (permalink)  
Tabs please !
 
Join Date: Jun 2004
Location: Biffins Bridge
Posts: 867
Received 68 Likes on 20 Posts
I have visited a few offshore IT establishments and their security has to be seen to be believed. My car was inspected including the underside where the security chap used a pole with a mirror to check for goodness knows what. I doubt he would have recognised anything out of the ordinary. My team were then met by another security bloke who was 5 foot one and weighed about 50 kilos. He sported a baseball cap with a swastika and the word "Security". The symbol is a Hindu good luck charm but my colleagues and I had a little bit of trouble keeping a straight face. We were searched and the camera on our mobiles was spotted. This was resolved (I kid you not) by placing a piece of sticking plaster over the lens and we were then allowed to take our phones on site. The camera lenses on our laptops were ignored.

The following day, we held our phones in our hands above our heads while being searched and walked in minus the sticking plasters.
B Fraser is offline  
Old 10th Sep 2018, 08:32
  #51 (permalink)  
 
Join Date: Aug 2007
Location: UK
Age: 54
Posts: 31
Likes: 0
Received 0 Likes on 0 Posts
B Fraser, I know the feeling. Worked in India rolling out software. Was not allowed to take a pen into the call centre in case I wrote down a credit card number!! Despite the fact that I had FULL admin privileges to the entire company's databases :-) ...... not that the databases held credit card details (but you get my drift). The most worrying thing about this "breach" is that CVV details should NEVER be held!

Last edited by Theviewdownhere; 10th Sep 2018 at 08:33. Reason: more info
Theviewdownhere is offline  
Old 10th Sep 2018, 08:35
  #52 (permalink)  
Tabs please !
 
Join Date: Jun 2004
Location: Biffins Bridge
Posts: 867
Received 68 Likes on 20 Posts
I also noticed that all of the laptops / desktops used by the staff had USB ports.

B Fraser is offline  
Old 10th Sep 2018, 08:46
  #53 (permalink)  
 
Join Date: Jan 2008
Location: Reading, UK
Posts: 15,430
Received 111 Likes on 60 Posts
Originally Posted by Theviewdownhere
The most worrying thing about this "breach" is that CVV details should NEVER be held!
There's no evidence that they were stored.
DaveReidUK is offline  
Old 10th Sep 2018, 08:56
  #54 (permalink)  
 
Join Date: Aug 2007
Location: UK
Age: 54
Posts: 31
Likes: 0
Received 0 Likes on 0 Posts
DaveReidUK

NOT stored - sorry my mistake - but stolen at source, nasty code, a keystroke logger. It seems a third party plugin had this malicious code.
Theviewdownhere is offline  
Old 10th Sep 2018, 10:46
  #55 (permalink)  
 
Join Date: Jan 2007
Location: Liverpool
Posts: 33
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by B Fraser
I also noticed that all of the laptops / desktops used by the staff had USB ports.

Do you want them to buy special ones without them? Much simpler just to buy standard hardware and lock down the ports.
Ben_S is offline  
Old 10th Sep 2018, 16:03
  #56 (permalink)  
Tabs please !
 
Join Date: Jun 2004
Location: Biffins Bridge
Posts: 867
Received 68 Likes on 20 Posts
Far better to have the IT wallah remove the USB port cards. Ports can be re-enabled in software.
B Fraser is offline  
Old 10th Sep 2018, 17:38
  #57 (permalink)  
 
Join Date: Jan 2008
Location: Reading, UK
Posts: 15,430
Received 111 Likes on 60 Posts
Originally Posted by B Fraser
Far better to have the IT wallah remove the USB port cards.
On a laptop? You're kidding, of course.

Originally Posted by B Fraser
Ports can be re-enabled in software.
If your users have admin access to policies on your PCs, then the presence or absence of USB ports is the least of your problems.
DaveReidUK is offline  
Old 10th Sep 2018, 18:52
  #58 (permalink)  
 
Join Date: Jan 2003
Location: Manchester
Age: 45
Posts: 615
Likes: 0
Received 0 Likes on 0 Posts
What I'd love to know is as this appears to be an "internal" 3rd party hack, who the hell is going to investigate it?
Ex Cargo Clown is offline  
Old 10th Sep 2018, 19:44
  #59 (permalink)  
 
Join Date: Feb 2017
Location: Republic of Texas
Posts: 125
Received 6 Likes on 5 Posts
I work in networking in the US. You do NOT want me to start telling stories about security breaches. I'll share one. Last Nov I was asked to go onsite at the federal IRS office in a large US southern state. I went to some of the storage systems where they keep taxpayer records. I typed in the default root password for the machine and on 7 of 11 of the systems - I was into their storage subsystem as root login. I told the on-site wunderkind who had to be all of 19 years old. He said they had already 'hardened them'. I said it needs to be harder than hard. They also have offsite management networks that breach the comms firewall with no VPN. Oye.....
ethicalconundrum is offline  
Old 11th Sep 2018, 10:15
  #60 (permalink)  
 
Join Date: Jan 2008
Location: Esher, Surrey
Posts: 466
Likes: 0
Received 0 Likes on 0 Posts
https://www.bbc.co.uk/news/technology-45481976
"A cyber-security firm has said it found a malicious script injected into the British Airways website, which could be the cause of a recent data breach that affected 380,000 transactions.
A RiskIQ researcher analysed code from BA's website and app around the time when the breach began, in late August.
He claimed to have discovered evidence of a "skimming" script designed to steal financial data from online payment forms.
BA said it was unable to comment."
beamender99 is offline  
