Hackers attack BA's website: credit cards at risk


Bought a BA flight on 4 September. I too got caught up in the hack. There were anomalous payments of approx. €365 that were immediately "cancelled" by the credit card, so I did not suffer any "theft" of money. A lot of inconvenience from the immediate blocking of the card, and I am still waiting for the new one. This is the e-mail I received from BA.
"Dear Mr Flug
Thanks for getting in touch about the recent data theft incident, via our Director of Brand and Customer Experience, Carolina Martinoli. As a member of her team, I've been asked to respond to you on his behalf. Please accept my apologies for the delay in getting back to you and also for any inconvenience or concern this may have caused you.
Our investigations to date confirm the theft occurred from 22:58 (BST) on 21 August 2018 until 21:45 (BST) on 05 September 2018 inclusive. Accordingly, you would only be affected by this if you made, or changed, a booking during this time on ba.com or the mobile app. We want to reassure you that our website and mobile app are now working normally.
The personal information compromised includes name, billing address, email address and all payment card information. This includes your card number, expiry date and CVV. No passport or travel details were stolen. As we wrote to you previously, unfortunately this information could be used to conduct fraudulent transactions using your bank or credit card account. Any passengers on the booking who have payment cards saved with us are not impacted, unless their card was used to make payment for the booking between 22:58 (BST) on 21 August 2018 until 21:45 (BST) on 05 September 2018 inclusive.
I understand from your email you have noticed a fraudulent transaction on your account. In the first instance, please contact your bank or credit card provider and follow their recommended advice.
It’s important you’re not out of pocket as a consequence of the data theft so we have partnered with the banks and credit card providers to ensure you are reimbursed as swiftly as possible. In the first instance, the card provider should be your point of contact to analyse any suspicious payments and make sure you get any funds re-credited as quickly as possible. If you have any incidental costs which are not covered, you should contact us in writing. In order for us to review your claim, please provide us with the following details:
• The booking reference created between 22:58 (BST) on 21 August 2018 until 21:45 (BST) on 05 September 2018.
• The actual date you made your booking.
• The email address and contact number in the booking that was created.
• Any receipts and/or bank statements to support your claim.
Additionally, please could you confirm that you are not making a claim with your bank, credit card provider or any insurance policy you may hold for these same incidental expenses".
Let's just hope that, in the end, BA will be willing to grant us some form of compensation for the inconvenience that we are suffering through no fault of our own.
 
The latest news says the hack took place in the Far East: malware was inserted that read and screengrabbed the data while it was being entered by the user at the time, data that was then transmitted to a server in Eastern Europe. It seems that BA noticed fairly quickly (a well-known search engine apparently took 5 months…), and that it was all discovered thanks to a BA customer who noticed strange accesses to their credit cards and alerted the airline.

The affected customers should be around 150,000 but, to be safe, BA alerted more than double that number and, to speed up the spread of the news, first released the information to the press and then started sending out the e-mails.

At the moment there is no news of fraudulent activity with the stolen card data, and the investigators' suspicion is that this was an operation carried out on behalf of third parties, to sell the cards on the dark web.

It seems incredible to me that an affair of this importance has not been reported with any prominence at all by the Italian press and media.
 
Cesare, had it been a hack of AZ's systems you would have had big headlines everywhere. Here it is a NON-Italian airline and the problem involved only 150K accounts worldwide. Try working out the ratio of total BA customers / compromised accounts / Italian customers involved and you will see that the numbers do not warrant the visibility you are asking for.
 
Update:

BA probe uncovers further customer data breach

British Airways has admitted to being subjected to another extensive passenger data breach which took place weeks before a highly-public cyber attack in August-September.
Investigations have revealed that the perpetrators might have stolen additional personal data from customers making reward bookings between 21 April and 28 July this year.
Parent company IAG had already been probing an attack which took place over a two-week window from 21 August to 5 September, originally indicating that some 380,000 transactions might have been compromised – although this figure has since been reduced to 244,000.
But IAG says that, following an investigation, it is also alerting the holders of 185,000 payment cards – holders who had not previously been notified – that their data has “potentially been compromised”.
It says this decision is a “prudent” response, pointing out that the airline “does not have conclusive evidence” that the information was removed from its systems.
But the figure of 185,000 includes 77,000 payment cards in which the crucial card verification value number, a security code, is among the affected data.
BA says it is advising customers to contact their bank or card provider as a precaution, although the airline also states that it has had no verified cases of fraud since its discovery of the August-September attack.
Its update on the investigation came hours after its Oneworld alliance partner Cathay Pacific admitted to a huge breach of personal data involving some 9.4 million passengers. FG

 
This is the number shuffle posted on the Intranet: I'd say they have muddled things up to the point that you can't make head or tail of it any more. The ones originally hacked are fewer than was thought; but there are others. But CX is worse.

Moral of the story, the CIO of IAG GBS is still in the saddle. That man is coated in Teflon.

We've been working in partnership with the National Crime Agency and specialist cyber forensic experts to fully understand the customer data theft announced in September.


Today we are updating some of our customers with further information, as the investigation draws to a close.

The investigation has revealed that the hackers may have stolen additional personal data and we are getting in touch with 77,000 payment card holders to notify them that some of their data and their payment card CVV codes may have been compromised. We're also contacting a further 108,000 customers whose data and card details, but not CVV codes, may have been stolen. The potentially impacted customers were those only making reward point bookings on BA.com between April 21 and July 28, 2018, and who used a payment card.

Also revealed in the investigation, fewer of the customers we originally announced were impacted by the data theft. We announced an estimated 380,000 payment card details were involved back in September, and we now know that 244,000 were affected.

There's no conclusive evidence that any customer data was removed from our systems, but we believe in taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution. Customers who are not contacted by us by Friday 26 October at 1700 GMT do not need to take any action.

As before, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating.

The same guidance and support applies to BA colleagues who might be affected.

It's worth being clear that, since our announcement of the data theft in September, we can confirm that we have had no verified cases of payment card fraud affecting any of our customers. In the news yesterday, Cathay Pacific airlines announced the theft of 9.4 million customer records including passport details, payment card information and other sensitive data in the latest cyber-attack on the airline industry.
 
But here they are talking about a second data breach.
The first concerned transactions made between 21/8 and 05/09. Here, instead, they are talking about transactions made between 21/04 and 28/07.

EDIT - in fact I have just received an email from Amex - something I had not received back then.
 
Ah, who knows. Anyone who can make sense of it is a genius. The handling of the matter is identical to that of the May 2017 outage. Everything secret, everything hidden, ask no questions and you'll be told no lies. IAG GBS is not to be questioned.
 
Received yesterday (the joys):

Dear Customer,

On 6 September 2018, we regrettably announced that we were the target of a criminal data theft involving the personal and financial details of customers making or changing bookings at ba.com, or via the British Airways app.

Since then we’ve been conducting a thorough investigation with specialist cyber forensic investigators, liaising with the National Crime Agency. As a result of the investigation I am writing to let you know that you may have been affected by the data theft, when you made a reward booking between 21 April and 28 July 2018.

While we do not have conclusive evidence that the data was removed from British Airways’ systems, it is possible your personal data may have been compromised. This includes your full name, billing address, email address and payment card number, expiry date and CVV. As a precaution we recommend you contact your bank or card provider and follow their advice.

We are very sorry that this criminal activity has occurred. We’ll reimburse our customers who have suffered financial losses as a direct result of the theft of their payment card details. For your reassurance, we’re offering you free credit and identity monitoring services, provided by Experian, one of the UK’s leading Credit Reference agencies.

Your free ProtectMyID membership

To help you to monitor your personal information for certain signs of potential identity theft, we are offering you a free 12-month membership to Experian ProtectMyID. This service helps detect misuse of your personal data and provides you with identity monitoring support, focussed on the identification and resolution of identity theft.

Activating your free ProtectMyID membership

1. Ensure that you sign up for the service by 31 January 2019. Your code expires after this date.
2. Visit the ProtectMyID website to get started.
3. Click on ‘Join ProtectMyID’ (top right-hand side).
4. Enter your details along with the following activation code: REDACTED
This code is unique to you and only available in this email – please keep this email for reference.

Once your membership is activated, you’ll have access to the following features:

1. Unlimited access to your Experian Credit Report.
2. Credit Alerting – an email or text to let you know when certain changes happen on your Experian Credit Report, such as the addition of a new credit search.
3. Access to an Identity Theft Resolution service if you do become a victim of fraud, where you’ll have a dedicated case worker who will support you in resolving fraud that has occurred.
4. If you are at higher risk of fraud, Experian can add protective Cifas registration to your credit report which can help prevent credit being taken in your name. The Cifas Protective Registration service places a flag alongside your name and personal details in the National Fraud Database. Companies and organisations who are signed up as members of the database will see you’re at risk and take extra steps to protect you.

If you have any questions regarding this service, then please contact Experian’s Customer Support Centre on 03444 818182*. They are open Monday to Friday, 8am to 8pm and Saturday, 9am to 5pm.

Once again, we truly apologise for any worry and inconvenience this criminal activity has caused. Our contact numbers can be found at ba.com, or you can email our Data Protection Officer at DPO@ba.com.

Yours faithfully,

Alex Cruz

G
 
Group action (!) — https://www.badatabreach.com/

Anyway, I was talking to Amex a few moments ago (I was asking them to reissue the card even though I have not noticed any suspicious activity — ‘just to be on the safe side’) and they confirmed that this is a different/separate case from the one a few weeks ago. In short, 2 fairly serious events within a short time plus the way they are handling it (e.g. the Amex email arriving well ahead of the one from the airline itself...) — things you certainly don't expect from a carrier like BA, but there you go. Shambles.

G
 
Posting this here since CX has had a similar problem too.

Complexity of cyber attack delayed disclosure: Cathay

Cathay Pacific says the complexity of the cyber attack it encountered earlier this year was why the airline took 10 months from initial discovery to disclose the security breach.
In a written submission prepared for a joint meeting with regulators scheduled for 14 November, the airline shares that the attack “involved a number of complex systems that took significant time to analyse.”
“An enormous amount of work was involved in the investigation, which was highly technical. The process by which the stolen data could be identified, processed and linked to a specific passenger also contributed to the length of time involved between initial discovery and public disclosure.”
It emphasized, however, that it determined early on that its operations and flight safety systems were not impacted and that flight safety was never compromised.
The Hong Kong carrier made public on 25 October that it suffered a data breach that compromised the personal information of 9.4 million passengers. The breach saw 12 fields of data compromised including names, identity and passport numbers, frequent flyer information, contact details and travel history.
In the written submission, Cathay says investigations first commenced in March when it detected suspicious activity on its network. Even during this phase, where it focused on investigation, containment and remediation, it was hit by further attacks. These were “most intense” in March, April and May but continued thereafter.
“These ongoing attacks also expanded the scope of potentially accessed data, making the challenge of understanding it more lengthy and complex in phase two of the investigation.”
The second phase of investigation involved confirming which data had been accessed and whether they could be read by attackers, with conclusions proving “difficult and time-consuming” and only reached in mid-August.
The third phase was targeted at determining the types of personal data that pertain to each affected passenger and notification.
Cathay adds that it has spent over HK$1 billion ($128 million) on IT infrastructure and security over the past three years and that it will grow its team of IT security specialists.
“We take our responsibilities with respect to our passengers’ personal data very seriously and we acknowledge that there are many lessons that we can and will learn from this event.” FG

 
10 months to announce the hack? One almost comes out of it looking good, by comparison...