BA faces £183m fine over data breach

Old Jul 8, 19, 1:41 am
  #31  
 
Join Date: Jun 2013
Location: Roswell, GA
Programs: AA EXP 2.8m,Lifetime PLT, Hilton Diamond, IHG PlLT, SPG Gold
Posts: 1,808
Where do they come up with this figure
fotographer is offline  
Old Jul 8, 19, 1:42 am
  #32  
 
Join Date: Jan 2019
Posts: 28
Is anyone else who left the SPG Law case now wondering whether it’s worth rejoining or finding another firm?

My details were taken in this breach and several high value transactions attempted on my Amex.
ihatechoosingusernames is offline  
Old Jul 8, 19, 1:47 am
  #33  
 
Join Date: Dec 2015
Location: UK
Programs: BAEC Silver, *A, Marriott
Posts: 181
Originally Posted by rapidex View Post
With the fine now announced, the court case can move on. I am sure BA will now settle, and I bet it will be more than £183 million.
I am wondering what this does to any potential claims from the financial intermediaries, including banks and the likes of Visa and AmEx.

Also, I would hope that BA does not just settle and move on, but starts to invest in a proper IT infrastructure and appropriate understanding of how crucial strong infrastructure is to basic customer service and service resolution.
Egoldstein is offline  
Old Jul 8, 19, 1:48 am
  #34  
 
Join Date: Mar 2008
Location: Around somewhere
Programs: Bronze, Some red card and some hotel cards.
Posts: 353
Sometimes I look at these fines and think 'What next someone getting fined because there house got broken in to? '
If a company is negligent on a gross scale then fair enough but nothing would stop a determined hacker, they would see it as a challenge.
SonTech is offline  
Old Jul 8, 19, 1:50 am
  #35  
 
Join Date: Mar 2019
Posts: 47
Originally Posted by ihatechoosingusernames View Post
Is anyone else who left the SPG Law case now wondering whether it’s worth rejoining or finding another firm?

My details were taken in this breach and several high value transactions attempted on my Amex.
Myself, any suggestions which to join? I was in SPG but felt uneasy at the way they were handling it. I'm not sure who else to turn to other than to rejoin them..
Sailbot3310 is offline  
Old Jul 8, 19, 1:54 am
  #36  
 
Join Date: Aug 2009
Location: North of Watford Gap
Programs: BAEC
Posts: 507
Originally Posted by thebigben View Post
I love how BA is trying to make us believe that a simple XSS attack is "sophisticated".

Maybe I should wear a tuxedo next time I practice my penetration testing skills. Then I'd be sophisticated.
Is this related in any way to your user name?
u01sss3 likes this.
babats is offline  
Old Jul 8, 19, 1:54 am
  #37  
 
Join Date: Oct 2017
Location: London
Programs: BA Gold / OW Emerald
Posts: 612
Originally Posted by SonTech View Post
Sometimes I look at these fines and think 'What next someone getting fined because there house got broken in to? '
If a company is negligent on a gross scale then fair enough but nothing would stop a determined hacker, they would see it as a challenge.
Picture this: BA has my credit card details but left all doors and windows opened, as they do every day. They also don't have any CCTV or security staff. BA was grossly negligent, without the shadow of a doubt . It's been an interesting case for us tech folks to go over. Even after the data breach was disclosed, the method the attackers could use was still evident if you cared to look at the way their payment page was made.
colm, ParisMoskau, wrp96 and 4 others like this.

Last edited by thebigben; Jul 8, 19 at 1:59 am
thebigben is offline  
Old Jul 8, 19, 1:55 am
  #38  
 
Join Date: Jun 2008
Posts: 1,653
Originally Posted by Egoldstein View Post
.... I would hope that BA....starts to invest in a proper IT infrastructure and appropriate understanding of how crucial strong infrastructure is to basic customer service and service resolution.
WW doesn’t seem interested.
richardwft is offline  
Old Jul 8, 19, 1:59 am
  #39  
 
Join Date: Oct 2017
Location: London
Programs: BA Gold / OW Emerald
Posts: 612
Originally Posted by babats View Post
Is this related in any way to your user name?
Not really, I just work in tech My name is Ben and I'm fairly tall, so here goes my username.
thebigben is offline  
Old Jul 8, 19, 1:59 am
  #40  
 
Join Date: Jan 2019
Posts: 28
Originally Posted by Sailbot3310 View Post
Myself, any suggestions which to join? I was in SPG but felt uneasy at the way they were handling it. I'm not sure who else to turn to other than to rejoin them..
None, I’m in the same boat. Left the SPG case because I thought the revised terms weren’t very clear.

I will keep an eye out though with a view to joining a class action ASAP.
ihatechoosingusernames is offline  
Old Jul 8, 19, 1:59 am
  #41  
 
Join Date: May 2019
Posts: 164
Originally Posted by corporate-wage-slave View Post
So just to explain that one a bit more, IAG Global Business Services is now responsible for procurement, central finance and IT services to IAG's airlines. It's office are just to the north of central Kraków (currently, they may be moving elsewhere in the city) but with staff in London, Dublin and Madrid. You will sometimes see their staff whizzing around Europe on BA's aircraft, they seem to come equipped with ThinkPads brandishing the IAG logo. They have a Security Operations Centre, and that got additional resources in the immediate aftermath of the hack.
C-W-S I think that Krakow only has procurement staff; at least, in all my dealings with GBS, the only Poles were the procurement guys (who normally did a good job). The IT division is headed by Bill Francis and is located entirely in London, Madrid and Barcelona (Aer Lingus wasn’t still part of the group and I bet they’re counting their blessings). What you’re saying isn’t necessarily wrong but this isn’t the classical “outsource to Poland, make a mess” that we normally see.
13901 is offline  
Old Jul 8, 19, 2:08 am
  #42  
 
Join Date: Nov 2018
Location: Belfast
Programs: BA Silver; HH Silver
Posts: 82
Originally Posted by SonTech View Post
Sometimes I look at these fines and think 'What next someone getting fined because there house got broken in to? '
If a company is negligent on a gross scale then fair enough but nothing would stop a determined hacker, they would see it as a challenge.
With regards to a properly secured service, a determined hacker would almost certainly be attacking to cause malicious damage for personal reasons or bring a company into disrepute. From what little I have read, that doesn’t appear the case here.

This is a simple case of stealing customers credit card and personal details for criminal, financial gain with limited effort. In this case, using thebigben’s analogy, if BA had even latched the windows and had a few CCTV cameras it might have made the criminals think again and pick an easier target.
SHT88T is offline  
Old Jul 8, 19, 2:18 am
  #43  
dsf
 
Join Date: May 2006
Location: Surbiton, Surrey, UK.
Programs: BA Gold
Posts: 1,499
Originally Posted by SonTech View Post
Sometimes I look at these fines and think 'What next someone getting fined because there house got broken in to? '
If a company is negligent on a gross scale then fair enough but nothing would stop a determined hacker, they would see it as a challenge.
With respect, a housing analogy is misleading and beneficial to BA. Houses typically contain goods only valuable to the owner/residents, i.e. a small surface area. This fine is not for being negligent about BA's own data, it's for reckless negligence about the personal data of their customers. So a better analogy, if we must use one, would be that of a bank with deposits - a bank that was broken into in June, yet they didn't notice until September. Personally I consider that a "gross scale" — regardless of the attack's sophistication, not noticing for three months is extraordinary and very much deserving of a huge fine IMO.
wrp96, Dover2Golf and Egoldstein like this.
dsf is offline  
Old Jul 8, 19, 2:23 am
  #44  
 
Join Date: Dec 2011
Location: BRS
Programs: BA Gold, Hilton Gold
Posts: 1,353
Originally Posted by JimEddie View Post
BA’s defence this morning seems to be that “BA responded quickly to a criminal act”
Funny that... I could have sworn Amex told me before BA did!
binman, T8191, wrp96 and 7 others like this.
Schwann is offline  
Old Jul 8, 19, 2:29 am
  #45  
 
Join Date: Feb 2011
Posts: 5,590
Originally Posted by richardwft View Post
IAG shares are down.
This ICO fine confirms the wrong doing and opens up the possibility of a lot more to come from lawsuits.

IAG shares have been going down and under-performing vs. the industry for some time. Cruz will getting worried at this point i'd think.

Last edited by 1010101; Jul 8, 19 at 3:22 am
1010101 is offline  

Thread Tools
Search this Thread