British Airways Face Backlash after Data Breach
Data Privacy – are we taking it seriously enough?
As you may have already heard, last week British Airways suffered a serious data breach that saw more than 380,000 accounts compromised.
Despite the apologies, customers flew to Twitter to vent their anger and frustration about their personal and financial information being leaked.
According to the latest reports, 22 lines of JavaScript were injected into their web and mobile applications, skimming customers’ credit card data. RiskIQ’s head researcher detected the use of a script associated with a “threat group” called Magecart, which was responsible for a recent credit card breach at Ticketmaster UK.
The 22 lines of code targeted the data entered into the website’s payment form, which was then exported to a malicious server when the submit button was clicked. Transactions were completed as normal, but the hackers received a full copy of the customer’s payment information.
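One defensive check against the kind of script tampering described above is to compare every script a payment page serves with a reviewed baseline of digests. The following is an added example, not code from British Airways or RiskIQ; the file paths, script bodies and function names are constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

// SRI-style digest: "sha384-" + base64(SHA-384 of the script body).
function sriDigest(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// Record a digest for every script that has been reviewed and approved.
function buildBaseline(reviewed) {
  const baseline = new Map();
  for (const [path, body] of Object.entries(reviewed)) {
    baseline.set(path, sriDigest(body));
  }
  return baseline;
}

// Compare what the site serves now against the approved baseline.
function auditScripts(baseline, served) {
  const findings = [];
  for (const [path, body] of Object.entries(served)) {
    if (!baseline.has(path)) findings.push({ path, issue: 'unexpected-script' });
    else if (sriDigest(body) !== baseline.get(path)) findings.push({ path, issue: 'modified' });
  }
  for (const path of baseline.keys()) {
    if (!Object.prototype.hasOwnProperty.call(served, path)) findings.push({ path, issue: 'missing' });
  }
  return findings;
}

// Constructed sample data (hypothetical paths and contents, not from the incident).
const reviewed = {
  '/js/checkout.js': 'function validateForm(f) { return f.checkValidity(); }\n',
  '/js/vendor/lib.js': 'window.lib = { version: "1.0" };\n',
};
const served = {
  '/js/checkout.js': reviewed['/js/checkout.js'],
  // Same library file, but with extra lines appended after it was reviewed.
  '/js/vendor/lib.js': reviewed['/js/vendor/lib.js'] + '/* lines added after review */\n',
  // A script nobody approved.
  '/js/new-widget.js': 'console.log("not in baseline");\n',
};

const findings = auditScripts(buildBaseline(reviewed), served);
for (const f of findings) console.log(`${f.issue}: ${f.path}`);
```

Run on a schedule against the live site, a check like this turns a small unauthorised addition to a script into an alert instead of something that goes unnoticed while transactions complete as normal.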
What was stolen?
Names, email addresses and credit card information were taken, including the main credit card number, expiration date and the three-digit [CVV] code on the back of the card.
But the inconvenience doesn’t stop there.
Many customers had to cancel multiple cards that were saved on BA’s systems, having to contact each provider and cancel not only their card but all the direct debits and standing orders associated with those accounts.
Data Duty and Due Diligence
Following the recent changes to Data Privacy, under GDPR, BA could potentially face huge fines from the Information Commissioner’s Office, which is looking into the breach.
This incident, however, goes far beyond fines.
Whilst any website or application can be hacked, a compromise to this extent, and to such a high-profile brand as British Airways, puts a huge dent in consumer confidence when entering personal information online.
Earlier this year, another tech giant, Facebook, was exposed for its part in the Cambridge Analytica scandal where tens of millions of Facebook users’ personal data was being collected.
A recent survey carried out by the Pew Research Center shows that users have responded en masse to such an infringement of their online privacy.
The study shows that over a quarter of US adults have removed the Facebook app from their phone, and an even greater number of users have taken a break from using Facebook altogether.
It concluded that Facebook users aged 18 and older have taken the following actions within the past year:
- 54% of users have adjusted their privacy settings
- 42% have taken a break from checking Facebook for several weeks or longer
- 26% have deleted the Facebook app from their phone
- 74% have done at least one of the above
So, it appears that consumers are taking their privacy much more seriously than before and their data should not be handled with complacency.
74% of UK businesses suffered a data breach of some kind in 2016. In light of GDPR, are you doing enough to protect your customers’ data?
Regular updates and additional security measures should not be overlooked when considering a new website.
We have a number of maintenance plans if time is a factor and additional hosting features that add layers of protection for your business.
To find out more, give us a call or speak to your Account Manager.