Expert comment – BA data breach a wake up call for the airline industry to invest in tech

It has been reported that British Airways has suffered a large scale data breach, compromising nearly 380,000 card transactions and it was reported that it took 16 days for the breach to be detected, which is shockingly slow in this post-GDPR world.

British Airways has been blighted with IT issues over the last 18 months, with big application failures causing flights to be cancelled in July and also over Bank Holiday weekend in May 2017. The impact of poor application performance has disappointed thousands of customers who have not been shy in voicing their dismay. It seems the global airline industry should regularly monitor the security and performance of their applications, and not only focus on keeping the planes in the sky.

Paul Farrington, Head of EMEA at app security company CA Veracode, calls for more consistency in security and app performance in the airline industry: “The British Airways breach is just another example of how, as the amount of personal data held by organisations continues to grow, hackers are finding more sophisticated ways to gain access to this data and use it to make a profit. Furthermore with GDPR now in full force the board at BA will have to consider their exposure to regulatory fines, especially when it took 16 days for the breach to be detected, and if the financial losses will outstrip what it would have cost to prevent the breach in the first place. 

IT issues are not only affecting BA, but also in the wider airline industry. Airlines have a duty to keep the planes in the air, and the majority of investment goes into that. However, recent outages show investment should also be directed at technology. As airlines become ever more dependent on software, this creates a greater surface for hackers to attack and so it is no surprise that breaches of this scale are becoming commonplace. 

Customers are right to be angry. If UK businesses want to avoid becoming the next victim of a breach it is crucial that they take significant steps to secure their software, web applications and networks to ensure that they aren’t their weakest points of attack.” 

(78)

Share