Airline Breaches Abound
It may be safer to fly in an airplane than to book your travel.
While there is a very remote chance you will come to harm while flying, it seems that based on the news lately you can come to cyber-theft harm just through booking your flights.
Cyber criminals have been targeting airlines and succeeding. Let’s look at what happened to Cathay Pacific and British Air in the recent past.
Cathay Pacific Breach Affects 9.4 Million
According to Raymond Zhong in his New York Times article titled “Cathay Pacific Data Breach Exposes 9.4 Million Passengers”:
“Cathay Pacific, the Hong Kong-based international airline, acknowledged on Wednesday that its computer system had been compromised at least seven months ago, exposing the personal data and travel histories of as many as 9.4 million people.
The breach involved private user information, including phone numbers, dates of birth, frequent flier membership numbers and passport and government ID numbers, as well as information on passengers’ past travels. The airline said that 27 credit card numbers — but not their corresponding security codes — had been obtained, as had 403 expired credit card numbers.”
Although the Cathay Pacific breach is clearly huge, it is not an isolated case.
British Air Breach Affects 565,000
According to Carly Page of The Inquirer in her article titled “British Airways admits mega-breach hit additional 185,000 customers”:
“The firm originally said that the mega-breach, which was first made public at the beginning of September, saw hackers compromise the payment cards of at least 380,000 customers in a theft of data from the company's online booking systems.
In an updated statement released on Thursday, BA admitted that a further 185,000 customers may have been affected by the breach.
Its investigation, carried out with specialist cyber forensic investigators and the National Crime Agency, revealed that hackers "may have stolen" payment details, including CVV numbers, of an additional 77,000 customers.
A further 108,000 also saw their payment details, without CVV, "potentially compromised" during the incident."
Prevent, Don’t Remediate
At the risk of stating the obvious, prevention is the ideal form of protection. By leveraging solutions that use deep inspection and analysis methods that interpret and detect code in real time, you can immediately block threats from affecting your organization.
Your selected solutions should make no assumptions on threat heuristics and behavior but actually assume that there is no legitimate reason for executable code to be present in a data file, it relies solely on identifying code existence on non-executables files.
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!