Once again, an airline finds itself the subject of a data breach: last week it was Air Canada, and now it is British Airways. News reports on the 6th of September 2018 announced that potentially over 300,000 customer accounts may have been compromised, including personal information and payment card numbers.
The previous Air Canada breach seems to have impacted smaller numbers of passengers (according to the publicly available information) but it was executed through an attack on the company’s Mobile App. While it may not have risked Payment Card data, reports suggest it did expose passport and other personally identifiable information. Were this in the EU, this would be a notifiable GDPR event.
As Gartner recently observed in their “Market Guide for Application Shielding” in which Inside Secure is recognised as a Representative Vendor:
“Protecting applications that run within untrusted environments is crucial as mobile, IoT and modern web applications migrate software logic to the client side. Security and risk management leaders must harden their application front ends to avoid turning them into an attack vector.”
It seems the airlines haven’t realised that they are running their Apps, and therefore exposing Customers’ Data, in exactly that: “untrusted environments”.
In the BA example, the attack vector isn’t yet clear, but it affects all those booking online on their website and on their Mobile App. There are a number of areas of concern here and Inside Secure has been delivering solutions to address these – through easily accessible technology.