British Airways apologizes after 380,000 customers hit in cyber attack

Commuters pass a British Airways advert on the tube at Canary Wharf station in London, Britain September 7, 2018. REUTERS/Kevin Coombs

By Paul Sandle

LONDON (Reuters) – British Airways was forced to apologize on Friday after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the most serious attack on its website and app.

The airline discovered on Wednesday that bookings made between Aug. 21 and Sept. 5 had been infiltrated in a “very sophisticated, malicious criminal” attack, BA Chairman and Chief Executive Alex Cruz said. It immediately contacted customers when the extent of the breach became clear.

Around 380,000 card payments were compromised, the airline said, with hackers obtaining names, street, and email addresses, credit card numbers, expiry dates and security codes – sufficient information to steal from accounts.

The attack came 15 months after the carrier suffered a massive computer system failure at London’s Heathrow airport, which stranded 75,000 customers over a holiday weekend.

Shares in BA’s parent, International Airlines Group, were down 2 percent in afternoon trading on Friday.

Cruz said the carrier was “deeply sorry” for the disruption caused by the attack which was unprecedented in the more than 20 years that BA had operated online.

He said the attackers had not broken the airline’s encryption but did not explain exactly how they had obtained the customer information.

“There were other methods, very sophisticated efforts, by criminals in obtaining the data,” he told BBC radio.

IT security company Avast said that based on the limited information available the attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen.

“Quite often, when it’s just a hack of a database somewhere it is hard to identify when something has been compromised,” Avast’s consumer security expert Pete Turner said.

“This feels much more like a transaction-type attack, where data is moving about within the system.”

COMPENSATION

The British government said authorities including the National Cyber Security Centre and the National Crime Agency were working to establish what had happened.

The country’s Information Commissioner’s Office said it had been alerted by BA and it was making inquiries. Under new GDPR data regulations, companies must inform regulators of a cyber attack within 72 hours.

BA advised customers to contact their bank or credit card provider and follow their recommended advice. It also took out ads in national newspapers on Friday.

Cruz said anyone who lost out financially would be compensated by the airline.

Data security expert Trevor Reschke said that like any website which sees large volumes of card transactions, BA was a ripe target for hackers.

“It is now a race between British Airways and the criminal underground,” said Reschke, head of threat intelligence at Trusted Knight.

“One will be figuring out which cards have been compromised and alerting victims, whilst the other will be trying to abuse them while they are still fresh.”

NatWest, one of Britain’s biggest card issuers, said it was receiving higher-than-usual call volumes because of the breach.

It said in a recorded message that its security systems would likely stop any fraud as a result of the hack but anyone affected should look out for unusual activity on their accounts.

IAG said the data breach had been resolved and the website was working normally, and that no travel or passport details were stolen.

After the computer system failure in May 2017, BA said it would take steps to ensure such an incident never happened again, but in July it was forced to cancel and delay flights out of the same airport due to problems with a supplier’s IT systems.

(Reporting by Paul Sandle and James Davey in London and Sangameswaran S and Rama Venkat Raman in Bengaluru; Editing by Keith Weir)

Canada immigration website appears to crash as Trump lead grows

Trump supporters celebrate as election returs come in at Republican U.S. presidential nominee Donald Trump's election night rally in Manhattan, New York,

By Jeffrey Hodgson

TORONTO (Reuters) – Maybe some Americans were serious when they threatened they would move to Canada if Republican presidential candidate became successful in his often polarizing campaign for the White House.

Canada’s main immigration website appeared to suffer repeated outages on Tuesday night as Trump took the lead in several major states and his prospects for winning the U.S. presidency turned markedly higher.

Some users in the United States, Canada and Asia saw an internal serve error message when trying to access the http://www.cic.gc.ca/ website.

Officials for the ministry could not immediately be reached for comment, but the website’s problems were noted by many on Twitter.

After some Americans, often jokingly, said would move to Canada if Trump was elected, the idea has been taken up by some Canadian communities. In February, the island of Cape Breton on Canada’s Atlantic coast marketed itself as a tranquil refuge for Americans seeking to escape should Trump capture the White House.

Martial Cheaters Exposed by Hackers

Users of the website Ashley Madison, which is designed to allow married people to cheat on their spouses, have been exposed to the world after the release of approximately 9.7 gigabytes of user data.

A group of hackers called “The Impact Team” released millions of usernames, real names and purchase information for users of Ashley Madison and a companion site, Established Men, which allows rich men to find young women.

The hackers focused on a portion of the website called “Full Delete” which for $19 has promised to scrub all user information from the site for those who no longer wished to use it.

In 2014, the “Full Delete” feature netted $1.7mm in revenue for the company that owns both websites, Avid Life Media (ALM).

“[Full Delete is] also a complete lie,” the Impact Team wrote after the hack last month. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

“…Too bad for ALM, you promised secrecy but didn’t deliver.”

The hackers then made their next threat.

“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret…fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” the hackers wrote in a statement following the breach.

Brian Krebs, the cybersecurity reporter with the Washington Post, wrote on the newspaper’s website that he had contacted three sources who were listed in the data dump and the sources verified the information was accurate.

“It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society,” officials from Ashley Madison’s parent company Avid Life Media wrote in a statement.

“We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law,” the statement continued.

Army Website Hit By Syrian Hackers

The U.S. Army’s official website was taken down Monday by hackers who claim they were the Syrian Electronic Army.

The attack forced the Army to take army.mil offline to protect from further damage.

The hacking comes less than a week after the discovery of Chinese hackers breaking into several important federal government servers that housed the personal information of millions of federal employees.

“Today an element of the Army.mil service provider’s content was compromised,” Army Brig. Gen. Malcolm Frost said in a statement. “After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily.”

The Syrian Electronic Army launched in 2011 with a stated goal of attacking the enemies of the Syrian government.  They claim to not be officially connected to the Syrian government.

The Army has been the target of hacking in the recent past.  Five months ago the website was hit by pro-ISIS hackers who posted messages on the Army’s YouTube and twitter accounts.