BA hacked

By | Category: Travel news

tal fins of British Airways planesNew that the British Airways website has been hacked and that up to 380,000 people’s financial details have been compromised is surely a sign of the times.

It follows on from hacking into sites in the travel industry such as booking.com and Thomas Cook Airlines via a Scandinavian travel agency it owned. Increasingly it seems that we will have to face more of the problems that hacking can cause as criminals seem to think that this is easier money than robbing a bank or nicking a purse – that is provided they have the sophisticated know-how to do it in the first place.

BA says that the breach was limited to 22:58 BST August 21 2018 until 21:45 BST September 5 2018 and only during that period so if you bought a ticket during that time or altered a booking then contact your bank or credit card provider depending on how you paid. The advice from them will probably be to change all your pin numbers that you use for the BA website and replace your cards. If you are affected BA should have contacted you by now.

It looks as though it was limited to just the BA website and not any of the other companies in the holding company’s portfolio of other airlines like Aer Lingus, Iberia and Vueling. It also appears that British Airways Holidays was not compromised.  There are also no reports that other airlines connected to BA via the oneworld alliance are affected.

BA says that anyone affected will be reimbursed but it does leave a number of concerns that both companies and regulators have to address.

The first of these is companies have to spend more time and effort in maintaining their websites. Should they engage legal hackers once a year or as frequently as is thought acceptable to try and hack their sites so that they and we can be sure of the safety of the sites. Should that be a condition of operation and enforced by the CAA? Should governments insist that publically quoted companies report on the robustness of their websites in their annual reports and confirm what has been done in the year to make systems more robust? Should all companies have to annually issue a hacking assessment?

For the passenger there is little that they can do other than using individual passwords for each site they visit. That is onerous and very difficult since online activity takes up so much of our lives.  I have regular access to 49 different sites for a variety of purposes all of which require password entry. Do I have 49 passwords? No, I have just 14 and the difficulty in remembering that number is bad enough. How many times have you had to send a password reset request?

Passwords present a real weakness in the system. Maybe eye recognition is the short term solution but you feel that hackers are just ahead in the game and that companies practise catch-up.

Yesterday there were questions to the Department of Culture etc in the House of Commons about data protection. There it was said that publishing a national data strategy was the government’s plan. I hope that it contains something about the role of companies on protecting data.

If you enjoyed this post, please consider subscribing to the RSS feed to have future articles delivered to your feed reader.
Tags: , , ,