NCSC advice for British Airways customers

Serviceteam IT Security News

Who is this guidance for?

Customers of British Airways (BA) who have used the company’s website or mobile application. The company has said a breach took place that put data at risk between 21 August and 5 September.

Overview

British Airways have reported that a data breach took place between 22:58 BST August 21 and 21:45 BST September 5, 2018. This is thought to have affected customers who made bookings on the BA website or app. They have reported that the compromised data includes names, email addresses and payment card information.
 

What should I do?

You can read BA’s latest information here.

If you used the BA website or mobile application to purchase services during the period BA say the data was at risk, we recommend that you contact your financial institution to see if there has been any irregular activity.

You should also monitor your financial accounts for any suspicious transactions.

Customers should ensure their passwords are secure. If you have been affected, you may want to consider changing passwords for key accounts such as banking. See Cyber Aware’s advice on creating a good password that you can remember, or read the NCSC’s blog post for help on using a password manager.

In general, it is advised you make use of two-factor authentication (2FA) on important accounts – even SMS-based two-factor is better than none. The benefit of this is that even if someone does obtain an account password then they would still not be able to access due to this extra security measure

Now would also be a good time to check if your account has appeared in any other public data breaches. Visit https://haveibeenpwned.com, enter your email address and go from there.

What else do I need to know?

BA suspect the breach was a result of criminal activity and have notified the police and relevant authorities. You can keep track of the NCSC’s latest statement here.

Genuine financial institutions will not ask you to reply to an email with personal information, or details about your account. If you contact them, use a phone number/email address you have looked up yourself, rather than one sent to you in the email – it may be false. For further information, look at NCSC guidance on the phishing threat following data breaches.

Those affected should remain vigilant against suspicious phone calls or targeted emails. Further guidance on this and other cyber security matters can be found here on the NCSC website and Cyber Aware.

If members of the public think they have been a victim of online crime they can report a cyber incident using Action Fraud’s online fraud reporting tool anytime of the day or night or call 0300 123 2040. For further information visit www.actionfraud.police.uk

Source: NCSC

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

/by
You might also like
Serviceteam IT Security News Marcus Hutchins: UK ransomware ‘hero’ pleads guilty to US hacking charges
Serviceteam IT Security News Protective DNS service for the public sector is now live
Serviceteam IT Security News New Phishing Scam Reels in Netflix Users to TLS-Certified Sites
Serviceteam IT Security News Farewell the ‘porn block’ – a PR exercise but lousy policy | Amy Orben
Serviceteam IT Security News Wire cutters: how the world’s vital undersea data cables are being targeted
Serviceteam IT Security News Google to Ditch Public Key Pinning in Chrome