The hacking group behind the theft of 380,000 customers’ details from BA has been linked to a similar heist from Ticketmaster.
Threat researcher Yonathan Klijnsma of cyber security firm RiskIQ has identified the hackers as the Magecart group, which often uses forms in websites to insert code that will steal customers’ bank card details.
Last week, British Airways admitted that the credit card information of at least 380,000 customers had been compromised by hackers.
Ticketmaster announced that 40,000 customers in the UK had their personal information and banking card details stolen in June.
According to Mr Klijnsma, there is significant evidence that these cyber heists were conducted by the same criminal hacking group which RiskIQ calls Magecart, and which it says has been active since 2015.
In the physical world, card skimmers can be covertly placed into ATMs where they capture the card’s details as it is placed into the machine, and increasingly digital card skimmers are being injected into websites.
Fabien Libeau, RiskIQ’s vice president for EMEA, told Sky News the firm was confident that the Magecart group was behind the BA hack – and added that he himself had been one of the victims.
He said that the company couldn’t really tell how the hack took place as they do not have those details, but added: “At the end of the day it’ll have to be very sophisticated because BA didn’t detect it for 15 days.”
Mr Libeau described the hackers as “well prepared” and said that BA had been “very targeted by the group”, marking an evolution in their criminal activities, especially compared with the “generic scripts” they used to infect e-commerce sites.
He added that he got in touch with his card provider, Amex, to warn them about his card details being stolen, and encouraged all victims to contact their card providers to get new cards issued.
“They will have your data, full stop,” he said. “They’ve been collecting all the credit card data when you submitted it. Whether they use the data is another question, but they have it.”
The British Airways customers that are believed to have been affected used BA.com and BA’s mobile app for flight bookings between 21 August and 5 September.
BA’s chief executive Alex Cruz said the company was “100% committed” to compensating customers who have had financial information stolen.
A spokesperson for British Airways declined to comment on RiskIQ’s research, stating that the company was co-operating with the authorities but would not respond to speculation.