"Brilliant" attacks on British Airways' mobile apps and websites have disclosed the names, e-mail addresses and full credit card details of 380,000 customers.
Of particular concern is that the attacker captured the three-digit CVV security code on the back of the card. Normally it should not be possible …
During the period from August 21 to September 5, data from transactions made through the BA application and website was collected, the BBC reports.
"Name, e-mail address, credit card information – credit card number, expiration date, three-digit number [CVV], the code on the back of the credit card," says BA boss Alex Cruz.
BA insists that it does not store CVV numbers. Storing them is prohibited by international standards established by the PCI Security Standards Council.
Security researchers speculate that the card details were intercepted rather than taken from the BA database, as BA stated that the attacker could also obtain the CVV number.
The airline says that only transactions made between the above dates have been affected and all customers whose details were disclosed have been contacted. BA asks affected customers to contact their bank to cancel the card and promises to compensate for the loss.
BA said that "third parties" warned it of the security violations and suggested that they might have been detected by security researchers. If so, we will learn more soon.
Police and the Information Commissioner's Office, the privacy protection organization in the UK, are investigating. If BA turns out to be at fault, Europe's GDPR privacy law allows the airline to be fined up to 4% of its global annual revenue, or up to £489 million (US$638 million).
Reuters reports …