A cyberexpert’s view on the British Airways data breach 2018-09-28T12:39:22+01:00
data hackers

The British Airways data hackers

Cybersecurity experts have offered some insights into how criminals may have been able to steal thousands of people’s card details from the British Airways website. Hackers breached the airline’s website and app in August and early September, stealing card numbers, expiry dates and security codes along with names and email addresses.

BA chief executive Alex Cruz told the BBC that hackers carried out a “sophisticated, malicious criminal attack”, but the firm revealed no technical details about the breach. However, cybersecurity expert Professor Alan Woodward, from the University of Surrey, said the fact that the company knows exactly when the attack took place provided a clue.

BA said about 380,000 transactions were affected between 10.58pm on Tuesday, August 21 and 9.45pm on Wednesday, September 5. “They very carefully worded the statement to say anybody who made a card payment between those two dates is at risk,” Professor Woodward told the BBC. “It looks very much like the details were nabbed at the point of entry – someone managed to get a script onto the website.”

This means a piece of malicious code may have been capturing customers’ card details as they typed them in. Professor Woodward says this is an increasing problem for websites that embed code from third parties – for example, to authorise payments or host ads – and advises firms to vet third-party code regularly to ensure security.

“You can put the strongest lock you like on the front door, but if the builders have left a ladder up to a window, where do you think the burglars will go?”

Another possibility is that a company insider tampered with the website and app. However, Robert Pritchard, a former cybersecurity researcher at GCHQ, says the fact that the card security codes were captured suggests details were taken as they were typed in, as companies should not be storing these codes.

If your business is working on anti-hacking or cybersecurity software, you’ll probably be interested to know that you might be able to claim tax back from the government through research and development tax credits for software developers.

Don’t be put off because you’re worried that dealing with HMRC is time-consuming – R&D Tax Solutions specialises in UK R&D tax credits, so we can do all the research and form-filling for you. Have a look at our R&D tax calculator to see if you could be eligible, or call our office in Manchester on 0161 298 1010.

Average R&D tax claim is £56,000

Ask us to review your R&D tax relief claim on your behalf. With our unique fee strcuture you don't pay us a penny until your R&D claim succeeds and provides a benefit to your business!

Start A Claim With Us
Partners and Accountants

Our Partners

Working with R&D Tax Solutions enables your service offering to be extended without jeopardising client service or quality. We are the trusted R&D partner for a variety of businesses. Our team enables the partnerships to flourish with clear transparency of services provided and benefits obtained. Whether you are a boutique consultancy with a select few clients, or an accounting practice with a wide variety of clients our team will give you the peace of mind that your clients interests are our priority.

Find Out More

Any questions? Talk to our R&D tax Specialists

0161 298 1010