Russian hackers may have made £9m from BA attack
STOLEN credit card details of more than 240,000 British Airways customers for sale on the dark web may have netted up to £9.4 million for Russian hackers.
Research from Flashpoint and Risk IQ, the cyber security experts, seen by The Daily Telegraph, has shown that credit card details, which were stolen during a hack on the airline’s website in August, were for sale for between £6.94 and £38.58 each.
The attack, attributed to a Russia-linked group known as Magecart, took place between Aug 21 and Sept 5, with 244,000 payments compromised.
Vitali Kremez, of Flashpoint, said the wide range of prices was due to the fact that some of the European cards were valued higher than usual.
British Airways said that it had not received any verified reports of fraud as a result of the hack, adding: “We contacted affected customers and their card companies at the time so that any necessary action could be taken.” Magecart makes its profits by selling skimmed payment data on a dump and credit card shop, and is one of the most prominent vendors of compromised payment information online.
Credit cards were put up for sale a week after the clean-up, experts claimed, with adverts entitled “CVV2 Dumps Update (high valid)”.
Furious British Airways passengers had to cancel their credit cards after the 15-day breach, which exposed names, addresses, credit card numbers, expiry dates and the three-digit security codes on the back of cards. Stolen information did not include passports or travel details.
Alex Cruz, BA’S chairman, revealed the hackers were “very sophisticated criminals” who had not hacked encrypted data, but rather gained “illicit access” to the airline’s system.
The Information Commissioner’s Office said: “[Our] investigation into a cyber attack at BA is ongoing.”