Want to make creations as awesome as this one?

by MJ


British Airways

Data breach

case study.


  • British Airways (BA) suffered a major data breach in 2018
  • Over 350,000 BA passengers' personal information, such as name, address, emails and bank account details were accessed by hackers
  • British Airways were originally fined £183 million for the breach, but it was signifianly reduced to £20 million
  • Compensation was paid to customers whose data was stolen

Key facts

The ICO ( Information Commissioner's Office ) claimed the attack happened after the British Airways website was diverted to a fake site. Alan Woodward, who wiorks for computer security, says the attack was most likely carried out through a supply chain attack on a third party payment utility used by BA.

what we know

Problem statement

This breach did not impact passport numbers or travel information.

Accordiong to riskiq, the hacking group behind this is called magecart

RiskIQ was a cyber security company based in California, USA, which provided detecting services for online security threats. It was bought by Microsoft in 2021 for $500,000,000. They believed that the criminals behind this cyber attack form a group called Magecart. Their main objective is to use online skimming to obtain personal data.

Bad afffect on BA's reputation, as many people were impacted and reviews weren't as good as they used to be

Due to cost cutting, brought on by the ICO's fine, customersd say quality of services has decreased

case study.