
British Airways security incident garners record GDPR fine

Search Security
Tuesday, July 9, 2019

The ICO plans to levy a record GDPR fine of nearly $230 million against British Airways for a security incident that led to 500,000 customers having their data compromised.

Ilia Kolochenko, founder and CEO of application security firm ImmuniWeb, based in Geneva, said it depends on whether the JavaScript library in question was actually located on British Airways' resources or not.

"Nowadays, there are many convoluted avenues to inject malicious code into legitimate pages. For example, sometimes developers mistype the domain name where an external [JavaScript] library is hosted, and attackers simply register the domain and place a malware there instead of the library," Kolochenko said. "Other companies purchase their own domains to host third-party code and then forget to renew the domains, ceding this opportunity to malicious actors."

Ido Safruti, CTO and co-founder of web application security vendor PerimeterX, based in San Mateo, Calif., said the available details made it seem as though the code was "served and verified by the original site and on the official mobile application."
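The mistyped-domain and lapsed-domain scenarios Kolochenko describes can be checked for from the defender's side by auditing a page's external script tags. The following is an added example, not code from the article or from any vendor quoted in it: it flags script hosts that are not on an allowlist, marks hosts that are a near miss of an allowlisted name, and reports whether Subresource Integrity is set. The allowlist, hostnames and sample page are constructed for illustration.

```javascript
// Added example: audit external <script> tags against an allowlist.
// ALLOWED_HOSTS and SAMPLE_PAGE are constructed values, not from the article.
const ALLOWED_HOSTS = ["cdn.example-libs.com", "static.example.org"];

// Levenshtein edit distance between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(
        prev[j] + 1,                                  // deletion
        cur[j - 1] + 1,                               // insertion
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1) // substitution
      );
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns one finding per external script: host, allowlist status, SRI present.
function auditScripts(html, allowed = ALLOWED_HOSTS) {
  const findings = [];
  const tagRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  for (const m of html.matchAll(tagRe)) {
    let host;
    try {
      host = new URL(m[1], "https://page.invalid/").hostname.toLowerCase();
    } catch { continue; }                  // unparsable src, nothing to audit
    if (host === "page.invalid") continue; // relative URL, same origin
    const hasSri = /\bintegrity\s*=\s*["']sha(256|384|512)-/i.test(m[0]);
    let status = "unknown-host";
    if (allowed.includes(host)) status = "allowed";
    else if (allowed.some((h) => editDistance(h, host) <= 2)) status = "lookalike-host";
    findings.push({ host, status, hasSri });
  }
  return findings;
}

const SAMPLE_PAGE = `
<script src="/js/app.js"></script>
<script src="https://cdn.example-libs.com/lib.min.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.exampel-libs.com/lib.min.js"></script>
<script src="//tracker.example.net/t.js"></script>`;
```

A script loaded with a valid `integrity` hash is refused by the browser if the file served from that host changes, which limits the damage when a third-party domain changes hands.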

