• Likes
  • Followers

Trending

  • The Role of SEO Resellers
  • 2022 and 2023 hardware – Which processors, GPUs and SSDs will we see?
  • Benchmark: The Callisto Protocol on PC
  • Need for Speed ​​Unbound Review
  • PlayStation 5 Dual Sense Edge Preview – Being a programmer will cost you 240 euros
  • Is Philips OLED807 the ultimate TV? OLED EX, game functions and four-sided Ambilight
  • The Callisto Protocol Review – Nice Dead Space-esque snack
  • Radeon RX 7900 XT and XTX Review – Battle erupts in new generation
  • Diablo IV Preview – Already devilishly good
  • Laptop Best Buy Guide – December 2022

TechWarrant.Com TechWarrant.Com - Best Technology Stuff from Around the World

  • Home
  • Apps
  • Games
  • Informative
  • Internet
    • Extensions & Addns
    • Web Site
  • Gadgets
  • News
  • Review
  • Vehicles & Robots
  • Top Lists
  • Tips & Tutorial
  • Misc.
  • Contact
TechWarrant
  • Home
  • News
  • British Airways stored administrator password and credit card data in plain text
News

British Airways stored administrator password and credit card data in plain text

By admin On Oct 16, 2020
LONDON, ENGLAND - SEPTEMBER 09: British Airways plane taxies after landing at Heathrow's Terminal 5 on September 9, 2019 in London, England. British Airways pilots have begun a 48 hour 'walkout', grounding most of its flights over a dispute about the pay structure of it's pilots. (Photo by Dan Kitwood/Getty Images)

British Airways has been fined 20 million pounds by the British regulator ICO for not having its security in order. Among other things, the company stored sensitive data unencrypted.

The Information Commissioner’s Office was fined 33 million euros after an investigation into a large-scale data breach in 2018, in which personal data of 380,000 people was stolen, including credit card details including CCV numbers. The privacy authority describes the course of the hack of the payment systems and lists where things went wrong with security.

The attackers managed to gain access to British Airways’ networks using account information from a Swissport employee. From there, the attackers managed to get tools within the Citrix environment that they could use to screen the network. For example, they discovered a login name and password of an administrator account that were stored in plain text and that, according to the ICO, gave almost unlimited access to the domain.

For example, the attackers were able to log in to multiple servers and on July 26, 2018, they were able to access log files containing, again in plain text, stored credit card information, including CCV numbers. Thanks to a test function that went live due to human error, the credit card data had been logged so unencrypted since December 2015. The retention period was limited to 95 days, which limited the damage somewhat, but the data of 108,000 cards was still so insightful.

The fine is much lower than the amount of 183 million pounds that the ICO threatened with last year, partly because the aviation sector is in financial difficulties due to the corona pandemic. During the talks over the amount of the fine, British Airways called credit card data breaches to the ICO “a completely mundane phenomenon.”

Prev Post

HEMA starts with smart lighting

Next Post

HomePod can serve as a home theater speaker and play game audio with Apple TV 4K

Recent Posts
  • The Role of SEO Resellers
  • 2022 and 2023 hardware – Which processors, GPUs and SSDs will we see?
  • Benchmark: The Callisto Protocol on PC
  • Need for Speed ​​Unbound Review
  • PlayStation 5 Dual Sense Edge Preview – Being a programmer will cost you 240 euros
  • Is Philips OLED807 the ultimate TV? OLED EX, game functions and four-sided Ambilight
  • The Callisto Protocol Review – Nice Dead Space-esque snack
  • Radeon RX 7900 XT and XTX Review – Battle erupts in new generation
  • Diablo IV Preview – Already devilishly good
  • Laptop Best Buy Guide – December 2022
© 2023 - TechWarrant. All Rights Reserved.
Sign in

Welcome, Login to your account.

Forget password?
Sign in

Recover your password.

A password will be e-mailed to you.