British Airways has suffered a data breach. Or, more appropriately, British Airways' customers have suffered a data breach and have had their information stolen by hackers.
From the BBC:
The airline said personal and financial details of customers making or changing bookings had been compromised.About 380,000 transactions were affected, but the stolen data did not include travel or passport details.
What data was stolen?
"It was name, email address, credit card information - that would be credit card number, expiration date and the three digit [CVV] code on the back of the credit card," said BA boss Mr Cruz.
How did the hackers get CCV numbers if BA didn't store them?
security researchers have speculated that the card details were intercepted, rather than harvested from a BA database.
So, if you were affected, what should you do?
- Change your BA password immediately.
- Make sure you don't use the same password for any other logins. If you do, change them all to something unique per login.
- If your credit card data was compromised, get a replacement card as soon as possible.
- Be on the lookout for phishing and similar attacks that try to scam victims. Don't click on any links in any messages; always go directly to a website yourself.
- Monitor your accounts regularly for the next long while and report anything that looks suspicious.
The attack on British Airways follows a hack of Air Canada late last month.
Hopefully, it helps spur the adoption of technologies like Apple Pay, which doesn't provide the credit card or CCV number ever, but instead generates a unique token each time which, if intercepted, is not useful for any subsequent transactions.
