[Updated] 2018 data breach : BA fined £20 million

Old Jul 8, 2019, 1:41 am
  #31  
 
Join Date: Jun 2013
Location: Roswell, GA
Programs: AA EXP 2.8m,Lifetime PLT, Hilton Diamond, IHG PlLT, SPG Gold
Posts: 3,191
Where do they come up with this figure?
fotographer is offline  
Old Jul 8, 2019, 1:42 am
  #32  
 
Join Date: Jan 2019
Posts: 44
Is anyone else who left the SPG Law case now wondering whether it’s worth rejoining or finding another firm?

My details were taken in this breach and several high value transactions attempted on my Amex.
ihatechoosingusernames is offline  
Old Jul 8, 2019, 1:47 am
  #33  
 
Join Date: Dec 2015
Location: UK
Programs: BAEC Silver, *A, Marriott
Posts: 181
Originally Posted by rapidex
With the fine now announced, the court case can move on. I am sure BA will now settle, and I bet it will be more than £183 million.
I am wondering what this does to any potential claims from the financial intermediaries, including banks and the likes of Visa and AmEx.

Also, I would hope that BA does not just settle and move on, but starts to invest in a proper IT infrastructure and appropriate understanding of how crucial strong infrastructure is to basic customer service and service resolution.
Egoldstein is offline  
Old Jul 8, 2019, 1:48 am
  #34  
 
Join Date: Mar 2008
Location: Around somewhere
Programs: Gold, Some red card and some hotel cards.
Posts: 702
Sometimes I look at these fines and think 'What next, someone getting fined because their house got broken into?'
If a company is negligent on a gross scale then fair enough but nothing would stop a determined hacker, they would see it as a challenge.
SonTech is offline  
Old Jul 8, 2019, 1:50 am
  #35  
 
Join Date: Mar 2019
Posts: 133
Originally Posted by ihatechoosingusernames
Is anyone else who left the SPG Law case now wondering whether it’s worth rejoining or finding another firm?

My details were taken in this breach and several high value transactions attempted on my Amex.
Myself, any suggestions which to join? I was in SPG but felt uneasy at the way they were handling it. I'm not sure who else to turn to other than to rejoin them..
Sailbot3310 is offline  
Old Jul 8, 2019, 1:54 am
  #36  
 
Join Date: Aug 2009
Location: North of Watford Gap
Programs: BAEC
Posts: 602
Originally Posted by thebigben
I love how BA is trying to make us believe that a simple XSS attack is "sophisticated".

Maybe I should wear a tuxedo next time I practice my penetration testing skills. Then I'd be sophisticated.
Is this related in any way to your user name?
u01sss3 likes this.
babats is offline  
Old Jul 8, 2019, 1:54 am
  #37  
 
Join Date: Oct 2017
Location: London
Programs: BA Gold / OW Emerald
Posts: 753
Originally Posted by SonTech
Sometimes I look at these fines and think 'What next, someone getting fined because their house got broken into?'
If a company is negligent on a gross scale then fair enough but nothing would stop a determined hacker, they would see it as a challenge.
Picture this: BA has my credit card details but left all doors and windows opened, as they do every day. They also don't have any CCTV or security staff. BA was grossly negligent, without the shadow of a doubt. It's been an interesting case for us tech folks to go over. Even after the data breach was disclosed, the method the attackers could use was still evident if you cared to look at the way their payment page was made.
colm, ParisMoskau, wrp96 and 4 others like this.

Last edited by thebigben; Jul 8, 2019 at 1:59 am
thebigben is offline  
Old Jul 8, 2019, 1:55 am
  #38  
Suspended
 
Join Date: Jun 2008
Posts: 2,246
Originally Posted by Egoldstein
.... I would hope that BA....starts to invest in a proper IT infrastructure and appropriate understanding of how crucial strong infrastructure is to basic customer service and service resolution.
WW doesn’t seem interested.
FlyerTalker39574 is offline  
Old Jul 8, 2019, 1:59 am
  #39  
 
Join Date: Oct 2017
Location: London
Programs: BA Gold / OW Emerald
Posts: 753
Originally Posted by babats
Is this related in any way to your user name?
Not really, I just work in tech. My name is Ben and I'm fairly tall, so here goes my username.
thebigben is offline  
Old Jul 8, 2019, 1:59 am
  #40  
 
Join Date: Jan 2019
Posts: 44
Originally Posted by Sailbot3310
Myself, any suggestions which to join? I was in SPG but felt uneasy at the way they were handling it. I'm not sure who else to turn to other than to rejoin them..
None, I’m in the same boat. Left the SPG case because I thought the revised terms weren’t very clear.

I will keep an eye out though with a view to joining a class action ASAP.
ihatechoosingusernames is offline  
Old Jul 8, 2019, 1:59 am
  #41  
 
Join Date: May 2014
Posts: 7,171
Originally Posted by corporate-wage-slave
So just to explain that one a bit more, IAG Global Business Services is now responsible for procurement, central finance and IT services to IAG's airlines. Its offices are just to the north of central Kraków (currently, they may be moving elsewhere in the city) but with staff in London, Dublin and Madrid. You will sometimes see their staff whizzing around Europe on BA's aircraft, they seem to come equipped with ThinkPads brandishing the IAG logo. They have a Security Operations Centre, and that got additional resources in the immediate aftermath of the hack.
C-W-S I think that Krakow only has procurement staff; at least, in all my dealings with GBS, the only Poles were the procurement guys (who normally did a good job). The IT division is headed by Bill Francis and is located entirely in London, Madrid and Barcelona (Aer Lingus wasn’t still part of the group and I bet they’re counting their blessings). What you’re saying isn’t necessarily wrong but this isn’t the classical “outsource to Poland, make a mess” that we normally see.
13901 is online now  
Old Jul 8, 2019, 2:08 am
  #42  
 
Join Date: Nov 2018
Location: Belfast
Programs: BA Silver
Posts: 379
Originally Posted by SonTech
Sometimes I look at these fines and think 'What next, someone getting fined because their house got broken into?'
If a company is negligent on a gross scale then fair enough but nothing would stop a determined hacker, they would see it as a challenge.
With regards to a properly secured service, a determined hacker would almost certainly be attacking to cause malicious damage for personal reasons or bring a company into disrepute. From what little I have read, that doesn’t appear the case here.

This is a simple case of stealing customers' credit card and personal details for criminal, financial gain with limited effort. In this case, using thebigben’s analogy, if BA had even latched the windows and had a few CCTV cameras it might have made the criminals think again and pick an easier target.
SHT88T is offline  
Old Jul 8, 2019, 2:18 am
  #43  
dsf
 
Join Date: May 2006
Location: Godalming, Surrey, UK.
Programs: Nowt of note.
Posts: 1,616
Originally Posted by SonTech
Sometimes I look at these fines and think 'What next, someone getting fined because their house got broken into?'
If a company is negligent on a gross scale then fair enough but nothing would stop a determined hacker, they would see it as a challenge.
With respect, a housing analogy is misleading and beneficial to BA. Houses typically contain goods only valuable to the owner/residents, i.e. a small surface area. This fine is not for being negligent about BA's own data, it's for reckless negligence about the personal data of their customers. So a better analogy, if we must use one, would be that of a bank with deposits - a bank that was broken into in June, yet they didn't notice until September. Personally I consider that a "gross scale" — regardless of the attack's sophistication, not noticing for three months is extraordinary and very much deserving of a huge fine IMO.
wrp96, Dover2Golf and Egoldstein like this.
dsf is offline  
Old Jul 8, 2019, 2:23 am
  #44  
 
Join Date: Dec 2011
Location: BRS
Programs: BA Gold, Hilton Diamond
Posts: 4,959
Originally Posted by JimEddie
BA’s defence this morning seems to be that “BA responded quickly to a criminal act”
Funny that... I could have sworn Amex told me before BA did!
binman, T8191, wrp96 and 7 others like this.
Schwann is offline  
Old Jul 8, 2019, 2:29 am
  #45  
 
Join Date: Feb 2011
Posts: 5,797
Originally Posted by richardwft
IAG shares are down.
This ICO fine confirms the wrongdoing and opens up the possibility of a lot more to come from lawsuits.

IAG shares have been going down and under-performing vs. the industry for some time. Cruz will be getting worried at this point, I'd think.

Last edited by 1010101; Jul 8, 2019 at 3:22 am
1010101 is offline  
