British Airways faced a serious data breach last week in which 380,000 passenger transactions were affected. Hackers stole the customers' names, email addresses and credit card details.

What action is being taken?

The airline posted on social media and began sending emails to affected customers within hours. Customers were advised to contact their bank or credit card provider and cancel the credit cards they had used to make bookings during the window of time affected.
Alex Cruz, British Airways' CEO, has said that any customers who have been financially affected by the breach will be fully compensated. Of equal (or greater) concern though is what might have happened to the stolen data that is in the hands of the hackers - as this could now be used by other criminals.
Reputational damage

Cyber security firm RiskIQ has suggested that malicious code in the British Airways website could be the cause of the breach. This is the first time the airline's website has been hacked since it launched over twenty years ago, but it has been suggested that BA could have done more to make the site secure and ensure any weaknesses were identified.
The airline's Twitter feed shows a large number of unhappy customers, some of whom were stranded abroad without access to funds. Many were disappointed by the airline's slow response in sending out emails, and by the apparent lack of helpful information given.
How you can help to prevent a data breach in your organisation

ISO27001 Information Security Management is an internationally recognised Standard and takes into account the differing needs of businesses. An organisation that processes third-party information will need to ensure information is not accessed by the wrong people while in their hands or while being transferred electronically to others. ISO27001 provides the framework for this and the means of obtaining independent verification of systems by internationally recognised accredited assessors.
To find out how Penarth Management Limited can support your organisation to achieve satisfactory certification to ISO27001, please contact us at email@example.com or on 029 2070 3328.