When Europe’s GDPR rules came into effect, many large companies worked around the clock to make sure that they were following the new regulations regarding cyber security. British Airways has become the first large-scale company to fall under the GDPR rules.
In August of this year, hackers were able to compromise the airline’s ticketing service and, over the course of two months, compromised over 380,000 transactions. The hackers were using a program called Magecart, with a technique similar to the one used in the Ticketmaster hack. They only held hostage certain information between August 21st and September 5th. They installed their program into the section where people input their credit card information, and the program acted like a card skimmer, stealing the number and account information.1
While the hack was small in comparison to a hack like Facebook’s, because of the new regulation that went into effect, British Airways could be facing a large fine. Under the new GDPR rules, any company doing business in Europe must do its best to protect its customers’ data. Failure to report a breach within 72 hours of discovery will result in massive fines depending on the size of the company. In the case of British Airways, if it’s determined that they failed in their duty to report this in a timely manner, they will be fined 4% of their net worth. (What is GDPR?)
The British Airways hack shows that no one, not even the big companies, is safe from being compromised. Take the opportunity to review your security measures and your coverage, including your password management and what to do when you are breached. Notify your clients and your customers promptly in the event that you are breached.
1 https://www.riskiq.com/blog/labs/magecart-british-airways-breach/