‘Russian hackers made £9.4m from BA breach’
HACKERS who stole the details of nearly 244,000 British Airways customers in a cyber attack could have raised £9.4million for Russian criminals, it has emerged.
Cyber security experts found the stolen credit card details were put up for sale online for between £6.94 and £38.58.
Magecart, a Russian-linked criminal group, is said to be behind the data breach in August in which 380,000 payments were initially thought to be compromised. The breach was detected 16 days after it began.
A British Airways investigation last month found that 244,000 cards were affected.
Vitali Kremez, director of research at security firm Flashpoint, said criminals sold some details for higher prices because certain European cards were considered more valuable, The Daily Telegraph reported.
Experts said Magecart was one of the major vendors of compromised payment information online. It put the credit cards up for a sale a week after the hack, under adverts titled ‘CVV2 Dumps Update (high valid)’.
The hackers boasted of having the details of passengers from countries including the UK, US, Germany, Canada and China.
The criminal group, which has run since 2015, has also targeted other companies, including concert tickets website Ticketmaster. BA chief executive Alex Cruz said at the time: ‘We are deeply sorry for the disruption that this criminal activity has caused.
‘We take the protection of our customers’ data very seriously.’
The hack is significant because the scale of the payment information is almost unprecedented in the UK.
Banks are legally obliged to refund customers who have had money fraudulently taken from their account.
A BA spokesman said: ‘As soon as we discovered the data theft, we immediately contacted all affected customers to recommend they contact their banks to cancel or provide extra protection to their cards.
‘We have had no verified cases of fraud since the incident.’