British Airways had malware installed on its computer systems earlier this year that captured the credit and debit card information including CVV numbers of more than 244,00 customers that was then transferred to illicit third party. You can read more about this incident here, here, here and here.
Now, the this information is on sale on the “Dark Web” where apparently Russian hackers are asking $12 million for it. BA still claims that they are not aware of any verified fraud caused by the “incident”.
Here’s an excerpt from the Daily Mail (access their piece here):
Cyber security experts found the stolen credit card details were put up for sale online for between £6.94 and £38.58.
A British Airways investigation last month found that 244,000 cards were affected. Vitali Kremez, director of research at security firm Flashpoint, said criminals sold some details for higher prices because certain European cards were considered more valuable, The Daily Telegraph reported.
Experts said Magecart was one of the major vendors of compromised payment information online. It put the credit cards up for a sale a week after the hack, under adverts titled ‘CVV2 Dumps Update (high valid)’.
The hackers boasted of having the details of passengers from countries including the UK, US, Germany, Italy, Spain, Canada, France, Korea, Mexico, Argentina, Brazil and China.
It is just crazy how lax these large companies are with their security protocols. Someone can install malware to their IT system that then captures all the credit card numbers along with the all other necessary data to use them and just dumps them to a third party?
The airline continues to claim, likely to try limit their financial exposure, that they are not aware of any verified fraud derived from their malpractices. Nonsense.
Remember that if you are one of the purchases whose credit card information was leaked there is already class action lawsuit starting to process and you should sign up to be part of the group. You can read more about this here.