Companies and employees may be getting smarter when it comes to protecting themselves and their corporate networks from hackers, but that doesn’t mean the days of high profile cyber attacks are over. Sure they are down from last year and aren’t eliciting the same headlines as 2018’s wave of Ransomware campaigns, but they are happening at an alarming rate, keeping executives and security professionals awake at night.
Take British Airways mea culpa of last week. It was forced to apologize to its customers after the credit card details of scores of flyers were stolen during a two week period. Telling Reuters that the airline operator has been the victim of a “very sophisticated, malicious criminal” attack British Airways Chairman and Chief Executive Alex Cruz said bookings made from Aug. 21 and Sept. 5 were impacted. That amounted to around 380,000 credit cards with the bad guys getting off with customers names, street and email addresses, credit card numbers, security codes and expiration dates. Cruz said the airline was “deeply sorry,” noting the hackers weren’t able to get past British Airway’s encryption.
Facebook Data Breach Sparks Talk Of New Legislation
The British Airway’s data breach is a big one, but it's not the only one so far this year. By far one of the most attention-grabbing data breaches to happen in 2018 falls on Facebook, the leading social media network operator with more than 2 billion active monthly users. In March it disclosed that now-defunct political consulting firm Cambridge Analytica accessed data on 87 million Facebook users without their consent in the run-up to the 2016 U.S. Presidential Election. Cambridge Analytica was working on President Donald Trump’s campaign at the time and was able to get off with details about Facebook user’s personal information. That prompted investigations from regulators in both the U.S. and the UK and culminated with Facebook CEO Mark Zuckerberg testifying before Congress. It is also expected to bring on new data protection legislation for social media and internet companies as a result.
Retailers Still A Target
Retailers have long been a target of hackers--remember the Target and Home Depot data breaches of 2013 and 2015 respectively--and they haven’t grown tired of going after them. Case in point: toward the end of March, Hudson Bay owned department stores Saks Fifth Avenue and Lord & Taylor were hacked, with the bad guys stealing credit and debit card data from 5 million customers. Gemini Advisory, the security firm, stumbled on an announcement from a hacking syndicate that it was selling five million stolen credit and debit cards and alerted Hudson Bay. While the department store owner took immediate steps to correct the situation it hasn’t been immune to lawsuits as a result of the hack. In April, a shopper filed a class action lawsuit against the company seeking $5 million in damages.
Smaller Players Aren’t Safe Either
High profile targets are the holy grail of hacking but even the lesser known can be fruitful for the bad guys. That was the case with the recent cyber attack of Ticketfly, the concert and sporting event ticketing website. On May 31 a hacker went after the Website, taking it down and disrupting operations for an entire week after the company didn’t take the person behind the attack warning seriously. According to media reports the hacker warned Ticketfly of a vulnerability in the network and wanted payment via ransom to fix it. Ticketfly balked at the demands, resulting in its Website being replaced and the hacker stealing a big directory of customer and employee information including their names, addresses, email address, and phone numbers. The damage: 27 million Ticketfly customers’ accounts were compromised.