Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan
Credits: The Register
The UK Information Commissioner’s Office has warned BA it faces a whopping £183.39m following the theft of million customer records from its website and mobile app servers.
The record-breaking fine – more or less the lower end of the price of one of the 747-800s in BA’s fleet – under European General Data Protection Regulation (GDPR), represents 1.5 per cent of BA’s world-wide revenue in 2017.
Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
The breach hit almost 500,000 people. The ICO statement reveals the breach is believed to have started in June 2018, previous statements from BA said it began in late August. The data watchdog described the attack as diverting user traffic from BA’s site to a fraudulent site.
ICO investigators found a variety of information was compromised including log-in details, card numbers, names, addresses and travel information.
Sophisticated card skimming group Magecart, which also hit Ticketmaster, was blamed for the data slurp. The group is believed to have exploited third party scripts, possibly modified JavaScript, running on BA’s site to gain access to the airline’s payment system.
Such scripts are often used to support marketing and data tracking functions or running external ads.
The Reg revealed that BA parent company IAG was in talks with staff to outsource cyber security to IBM just before the hack was carried out.
The ICO acted as lead investigator but liaised with several other European Union regulators. It said BA cooperated with its investigation and had now made security improvements to its site.
BA and the other regulators now have 28 days to make representations to reduce the fine.
In response, the airline said it was disappointed in the fine because it cooperated fully and had found no evidence that the stolen cards were used. It said it would make representations and appeal the decision.
www.extremehacking.org
Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv10,CHFI,ECSAv10,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v10 course in Pune-India, ceh certification in pune-India, ceh v10 training in Pune-India, Ethical Hacking Course in Pune-India