British Airways security incident garners record GDPR fine
Tuesday, July 9, 2019
The ICO plans to levy a record GDPR fine of nearly $230 million against British Airways for a security incident that led to 500,000 customers having their data compromised.
Ilia Kolochenko, founder and CEO of application security firm ImmuniWeb, based in Geneva, said it depends on whether the JavaScript library in question was actually located on British Airways' resources or not.
"Nowadays, there are many convoluted avenues to inject malicious code into legitimate pages. For example, sometimes developers mistype the domain name where an external [JavaScript] library is hosted, and attackers simply register the domain and place a malware there instead of the library," Kolochenko said. "Other companies purchase their own domains to host third-party code and then forget to renew the domains, ceding this opportunity to malicious actors."
Ido Safruti, CTO and co-founder of web application security vendor PerimeterX, based in San Mateo, Calif., said the available details made it seem as though the code was "served and verified by the original site and on the official mobile application."
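The mistyped library domain that Kolochenko describes can be caught by auditing a page's external script hosts against an allowlist. The sketch below is an added example, not code from the article or from any company named in it; the allowlist, the sample HTML and the function names are constructed for illustration, and the Subresource Integrity check is an extra mitigation the article does not mention.

```javascript
// Constructed allowlist of hosts the site intends to load scripts from.
const ALLOWED_HOSTS = ["cdn.example.com", "static.example.net"];

// Constructed sample page; the second tag has a transposed-letter host.
const SAMPLE_HTML = `
<script src="https://cdn.example.com/lib.min.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.exmaple.com/lib.min.js"></script>
<script src="https://static.example.net/app.js"></script>
<script src="/js/local.js"></script>
<script src="https://widgets.example.org/w.js" integrity="sha384-PLACEHOLDER"></script>
`;

// Levenshtein distance, used to spot hosts that are near-misses of allowed ones.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns one finding per external script whose host is unexpected,
// or whose host is allowed but loaded without an integrity attribute.
function auditScripts(html, allowedHosts) {
  const SELF = "same-origin.invalid"; // placeholder base for relative URLs
  const findings = [];
  for (const m of html.matchAll(/<script\b[^>]*>/gi)) {
    const tag = m[0];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    if (!src) continue; // inline script, nothing fetched
    let host;
    try { host = new URL(src[1], "https://" + SELF).hostname.toLowerCase(); } catch { continue; }
    if (host === SELF) continue; // served from the page's own origin
    const hasSri = /\bintegrity\s*=\s*["'][^"']+["']/i.test(tag);
    if (allowedHosts.includes(host)) {
      if (!hasSri) findings.push({ host, issue: "allowed-host-without-sri" });
      continue;
    }
    const near = allowedHosts.find(h => editDistance(h, host) <= 2);
    findings.push({ host, issue: near ? "possible-typo-of:" + near : "host-not-in-allowlist" });
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, ALLOWED_HOSTS));
```

A lapsed domain registration, the second case in the quote, cannot be detected from the HTML alone; it needs a registration-expiry check on every host in the allowlist.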