Flashpoint and Risk IQ has discovered that British Airways (BA) customers’ details, which were stolen during the airline’s recent hack, could have raised up to £9.4 million.
The research has also revealed that credit card details were on sale for between £6.94 and £38.50 each. According to Vitali Kremez, director of research at Flashpoint, the price disparity is due to the fact some European cards are valued higher than usual.
The hack, attributed to Russian associated group Magecart, saw BA’s website attacked between August 21st and September 5th with 244,000 payment cards compromised.
Formed in 2015, Magecart is a criminal group that has also targeted other major companies including website Ticketmaster. It is reportedly one of the major vendors of compromised online payment information.
The group earns its funds by selling skimmed payment data on a dump of credit card shop.
British Airways Has Yet to Verify Reports of Fraud
A spokesman for BA said: “We contacted affected customers and their card companies at the time so that any necessary action could be taken.”
“As soon as we discovered the data theft, we immediately contacted all affected customers to recommend they contact their banks to cancel or provide extra protection to their cards. We have had no verified cases of fraud since the incident.”
The company suffered backlash on social media, with many users angered the airline for failing to contact them about the breach.
The company’s decision to outsource its IT to save money is something that users have latched onto in their complaints against BA. The hack is significant due to the scale of the payment information stolen, it is almost unprecedented in the UK.
An ICO spokesperson said: “The ICO’s investigation into a cyber attack at British Airways is ongoing. Meanwhile, we advise people who may have been affected to be vigilant when checking their financial records and to follow the advice on the ICO, National Cyber Security Centre and Action Fraud websites about how they can protect themselves and their data online.”