Translated by

British Airways

Company

width=200px
300px

2019

IT systems failed and led to collapse at the airports

On August 7, 2019 in computer systems of British Airways there was a failure because of which tens of runs were delayed. The problem is aggravated with the fact that it arose in the period of a pica of holidays.

«
We had some problems this morning, they mentioned terminals and front desks and also departures of airplanes … We work on as soon as possible to solve a system problem which led to canceling of a number of runs to short distances and delays at the London airports, says British Airways.
»

IT systems of British Airways failed and caused collapse at the airports. People cannot depart to peak of a holiday season
IT systems of British Airways failed and caused collapse at the airports. People cannot depart to peak of a holiday season

The airline also told that some flights continue to be performed. Nevertheless the airline recommended to clients before coming to the airport,  to check the relevant information on the website.  The airline offers passengers, whose run was cancelled, an opportunity of its postponement for other days.

Because of malfunctions the company cancelled more than 90 runs at the London airports. Among them there is a run to St. Petersburg which had to arrive to Pulkovo at 2:45 p.m. on Moscow time. Also the departure from Pulkovo to London which according to the schedule had to go at 3:40 p.m. on Moscow time is cancelled.

In total because of failure several thousands of passengers suffered. At front desks at Heathrow airports and Gatvik huge queues accumulated what numerous photos and video confirm.

Some users complain of problems with online registration for run while others write in social networks that they got stuck in airplanes which for hours could not take off.

The photographer Stewart Jackson on the Twitter blog wrote that it and other passengers got stuck in the airplane therefore he was not in time on connection flight, the made months plans were ruined and thousands of pounds sterling were lost.

As notes Reuters, this large computer failure at British Airways became the third a little more than in two years.[1]

Fine of 183.4 million pounds sterling for date leak of passengers

On July 8, 2019 the British Department of the representative for information (   The UK Information Commissioner’s Office, ICO)  announced imposing on British Airways of a penalty in the amount of 183.4 million pounds sterling (about $230 million) for large-scale date leak.

«
The law is extremely clear — if trust you personal data, then you should save them. Those who will not be able to cope with it will face careful check from my department — the commissioner of ICO Elisabeth Denem said.
»

British Airways will pay a record penalty for date leak of passengers
British Airways will pay a record penalty for date leak of passengers

As notes BBC, the penalty became the biggest of all, ICO which ever are taken out.  Besides, it was record for the airlines which allowed date leaks. The chairman of the board of directors and the CEO of British Airways Alex Cruz (Alex Cruz) said that the company "is surprised and disappointed" with the solution of the regulator.

«
British Airways quickly reacted to criminal action for the purpose of theft of these clients.  We did not find any proofs of fraud on accounts which theft concerned — Cruz reported. He also apologized to clients for the caused inconveniences.
»

Initially British Airways stated that as a result of cyber attack to the website and mobile application of airline data of bank cards of 380 thousand clients could be stolen. However afterwards it became clear that leak concerned 185 thousand more passengers, than it was stated initially, and theft lasted not two weeks, and longer, Financial Times tells.

The penalty which is written out by British Airways will make  1.5% of world turnover of airline in 2017 (the greatest possible penalty in Great Britain for date leak makes 4% of turnover of the company).

Punishment of British Airways can become one of most noticeable within the general regulations of the EU about data protection (General Data Protection Regulation, GDPR) regulating distribution and use of personal data of Europeans which  began to work  on May 25, 2018.[2]

2018

The method of cracking of the website of British Airways is opened

On September 11, 2018 the method of cracking of the website of British Airways which led to the largest date leak at airline became known.

The Risk IQ company specializing in technologies of information security detected harmful lines in a program code of the website using which hackers could obtain data about 380 thousand clients of airline.

According to specialists, behind cyberattack on the website and mobile application of British Airways there is a hacker MageCart grouping which cracks services, implementing the script working by the principle of skimmers. Such miniature devices are installed by swindlers in the ATM for theft of banking data from owners of debit and credit cards.

According to Risk IQ, malefactors used the scheme of a skimming — theft of data of the card by means of the reader device
According to Risk IQ, malefactors used the scheme of a skimming — theft of data of the card by means of the reader device

Risk IQ told that the scheme of a skimming was adapted for the British Airways website. It was constructed in such a way that the harmful mechanism was built in payment processing therefore it was very difficult to notice fraud. Most likely, hackers got access to the website of airline for some time prior to the attack which happened from August 21 to September 5, 2018 as attack was well planned.

«
This skimmer is very well adapted for the organization of payments on the website of British Airways. It demonstrates to what organizers very carefully thought over how to attack the website instead of blindly implementing the normal MageCart skimmer — said in Risk IQ.
»

Malefactors added 22 lines of a program code at the end of Modernizr JavaScript-library which provided sending the payment these clients of British Airways for a remote server belonging to organizers of the attack. For increase in masking the stolen data went to the website baways.com reminding an official resource of British Airways.[3]

Leak of banking data of 380 thousand clients

At the beginning of September, 2018 it became known of large-scale date leak of clients of British Airways. As a result of the hacker attack information concerning payments according to cards about 380 thousand people which used services of the British airline was stolen.

The users making online armoring of tickets on the website and through mobile application of British Airways during the period from August 21 to September 5, 2018 suffered, the Reuters news agency with the link the statement of International Airlines Group holding which includes British Airways reports.

At the beginning of September, 2018 it became known of large-scale date leak of clients of British Airways
At the beginning of September, 2018 it became known of large-scale date leak of clients of British Airways
«
British Airways contacts victims, we advise all clients who consider that this incident could affect them, contact the banks and follow their recommendations — reported in holding.
»

The airline claims that vulnerability because of which there was a cyberincident is eliminated, and "compromised" there was only information on non-cash payments — passport data of holders of cards and data on the planned flights are not mentioned. Urgent investigation in cooperation with law enforcement agencies is made.[4]

The CEO of British Airways Alex Cruz expressed a regret because of the incident and  apologized to clients.

«
We deeply regret for  the violation caused by criminal acts. We very seriously treat  data protection of our clients  — the head of airline told.
»

British Airways did not state the reasons because of which there was a large date leak of clients. The company only noted that problems are not connected with the decision on outsourcing of IT transactions.

According to The Guardian, after the incident can be fined by British Airways according to new general rules of data protection. The maximum amount of collecting for similar violations is 4% of global revenue. In a case with British Airways it is about 500 million pounds sterling.

2017: Large-scale failure in work of IT systems

On May 27, 2017 in computer systems of the British airline British Airways there was a large-scale failure which led to canceling of a set of runs. Losses of carrier as a result of an incident can make up to $200 million.

On May 27−28, 2017 from the airports of London about 75 thousand passengers could not get on flights of British Airways, over 1 thousand runs were cancelled or laid off. Those who managed to be replaced to runs of other airlines had to travel without baggage. Problems in work of British Airways matched the beginning of a week school break in Great Britain.

Passengers with the baggage wait in a re-registration zone at Heathrow airport, on May 29, 2017.
Passengers with the baggage wait in a re-registration zone at Heathrow airport, on May 29, 2017.

Canceling of flights happened because of malfunctions in  a computer system which resulted from interruptions in power supply. Failure also affected the website and call center of the company.  The airline  did not detect proofs of participation of hackers in a problem.

Earlier British media assumed that  the IT failure largest in recent years in an aviation industry happened because of optimization of British Airways of expenses and  transfer  a naautsorsing of some work types. The company denied this information.

According to estimates of Citigroup, an effect of computer failure will cost British Airways about 100 million euros. The bank counted that because of canceling of runs 175 thousand passengers suffered.

The The Times edition with reference to experts writes that the last will have to pay to each passenger who was affected by failure in work of airline from 225 to 540 pounds sterling, and the general loss of airline can exceed 150 million pounds sterling ($190 million).

In the International Consolidated Airlines Group aviagroup which part British Airways is, note that so far too early to do forecasts concerning the expenses connected with computer failure.[5]

Notes