The British Airways data hackers
Cybersecurity experts have offered some insights into how criminals may have been able to steal thousands of people’s card details from the British Airways website. Hackers breached the airline’s website and app in August and early September, stealing card numbers, expiry dates and security codes along with names and email addresses.
BA chief executive Alex Cruz told the BBC that hackers carried out a “sophisticated, malicious criminal attack”, but the firm revealed no technical details about the breach. However, cybersecurity expert Professor Alan Woodward, from the University of Surrey, said the fact that the company knows exactly when the attack took place provided a clue.
BA said about 380,000 transactions were affected between 10.58pm on Tuesday, August 21 and 9.45pm on Wednesday, September 5. “They very carefully worded the statement to say anybody who made a card payment between those two dates is at risk,” Professor Woodward told the BBC. “It looks very much like the details were nabbed at the point of entry – someone managed to get a script onto the website.”
This means a piece of malicious code may have been capturing customers’ card details as they typed them in. Professor Woodward says this is an increasing problem for websites that embed code from third parties – for example, to authorise payments or host ads – and advises firms to vet third-party code regularly to ensure security.
“You can put the strongest lock you like on the front door, but if the builders have left a ladder up to a window, where do you think the burglars will go?”
Another possibility is that a company insider tampered with the website and app. However, Robert Pritchard, a former cybersecurity researcher at GCHQ, says the fact that the card security codes were captured suggests details were taken as they were typed in, as companies should not be storing these codes.
If your business is working on anti-hacking or cybersecurity software, you’ll probably be interested to know that you might be able to claim tax back from the government through research and development tax credits for software developers.
Don’t be put off because you’re worried that dealing with HMRC is time-consuming – R&D Tax Solutions specialises in UK R&D tax credits, so we can do all the research and form-filling for you. Have a look at our R&D tax calculator to see if you could be eligible, or call our office in Manchester on 0161 298 1010.