Just when you thought you had the good fortune to avoid having your credit card details swiped in last month’s BA bungle, the airline has come clean about the fact that a further 185,000 customer’s details were siphoned off.
This news comes after the airline downgraded the initial figure from 380,000 to 244,000 last Thursday, only to up it by 185,000 this week. In fact, the numbers being announced and changed as fast as the boarding time of a Ryan Air flight are serving to only confuse the issue and are not making BA or the parent company International Airlines Group (IAG) any new admirers. One can only assume that includes the Information Commissioners Office (ICO).
Is that the sound of a brand new pair of GDPR branded rubber gloves being applied? Time will tell.
Hot on the apron strings of this deBAcle is worrying news from Cathay Pacific that your life might not be so well travelled if you are a customer. Cathay has announced that the personal details of no fewer than 9.4 Million passengers have been ‘accessed by unauthorised personnel’ (mwahahaha) including passenger names; nationalities; dates of birth; phone numbers; email addresses; physical addresses; 860,000 passport numbers; 245,000 Hong Kong ID card numbers; frequent flyer programme membership numbers; customer service remarks; and historical travel data. No biggy.
You can read the initial Cathay confession here. No doubt the numbers, details etc. will ebb and flow and are reported here using the information currently available.
If you have been a Cathay Pacific customer (ever), probably best contact them:
- Via the dedicated website – infosecurity.cathaypacific.com – which provides information about the event and what to do next
- Via Cathay Pacific’s dedicated call centre available after 12:30/25th OCT (GMT+8) (toll free numbers are available on infosecurity.cathaypacific.com)
- Email Cathay Pacific at [email protected]
Now far be it for us to judge how these massive airlines, whom we trust with our lives and the lives of our families time and time again, keep getting got (written deliberately because such abuse of English would have resulted in a trip out of the window, a run around the block and a hiding with ‘Priscilla’ -the preferred instrument of torture by psycho History teacher Jack Clarke RIP), but we do know from bitter experience that at least one of their procurement processes does nothing whatsoever to build a partnership with IT suppliers who have to endure online auctions for work, no matter how much pre-sales activity has been provided gratis, and can be undercut by (trusted, haha) vendors in the supply chain. You know who you are.
Now back to earth (or to be more accurate, sand) with a bump, thankfully not a BOOM.
Having clearly recently engaged the services of Sherlock Holmes Esq. cybersecurity outfit FireEye claims to have uncovered the dastardly creators of the Triton malware which breaks Industrial Control Systems (ICS) made by Schneider Electric, which was used to disrupt activities at a Saudi petrochemical plant recently.
Step forward……RUSSIA and Vladimir ‘Moriarty’ Putin.
Whilst this should come as no surprise to readers of this blog, it does represent clear proof that ICS are targets for nation states and criminals alike and need to be effectively protected. Unfortunately, many Industrial systems (and Internet of Ting tings for that matter) have not been written with security in mind and a lot of work needs to be done to remediate poor coding, obsolete operating systems and flat architectures which offer a veritable smorgasbord of an attack surface to the hacking fraternity.
ITC has the technology and automated detection processes in our managed Behavioural Analytics solution to detect attacks and respond very quickly in Enterprise and Industrial situations, we would love to demonstrate these to you.
If you would like to discuss this with us, or see a copy of the Triton malware if you are that way inclined, please contact us at: [email protected] or call 020 7517 3900.