British Airways
Company Details
Linkedin ID:
british-airways
Website:
Employees number:
31,334
Number of followers:
1,055,209
NAICS:
481
Industry Type:
Homepage:
http://www.ba.com
IP Addresses:
0
Company ID:
BRI_2282734
Scan Status:
In-progress
British Airways Company CyberSecurity Posture
http://www.ba.com
As a global airline and the UK’s flag carrier, British Airways has been flying its customers to where they need to be for more than 100 years. The airline connects Britain with the world and the world with Britain, operating one of the most extensive international scheduled airline route networks together with its joint business, codeshare and franchise partners. Together with its affiliates, British Airways operates to around 200 destinations in over 75 countries throughout Europe, North America, South America, Asia, Africa and Australia. In September 2021, British Airways launched its sustainability programme, BA Better World, committing to put sustainability at the heart of everything it does and with a clear roadmap to achieve net zero carbon emissions by 2050. Unfortunately, we're unable to answer any specific customer service queries here. If you need to contact someone about our service or need immediate assistance, please DM us directly on Instagram, Facebook or X.
British Airways A.I CyberSecurity Scoring
British Airways Risk Score (AI oriented)Between 700 and 749
British Airways
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
British Airways Global Score (TPRM)XXXX
British Airways
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
British Airways Company CyberSecurity News & History
Past Incidents
6
Attack Types
3
British Airways Plc
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The California Office of the Attorney General reported a data breach involving British Airways Plc on November 21, 2018. The breach dates include October 21, 2018, September 5, 2018, April 21, 2018, and July 28, 2018. The breach involved the compromise of personal and financial information of customers, which could have significant consequences for the company and its customers.
British Airways
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis. According to reports, British Airways was one among the companies damaged by a cyber security attack against MOVEit's target, the UK-based payroll provider Zellis.
British Airways Plc
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Washington State Office of the Attorney General reported a data breach involving British Airways PLC on November 21, 2018. The breach, which occurred from August 21, 2018 to September 5, 2018, was due to a cyberattack involving malware, potentially exposing the payment card and personal information of approximately 1,588 Washington residents.
British Airways
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In 2018, British Airways suffered a **Magecart (e-skimming) attack** where attackers injected malicious JavaScript into its payment checkout page, exploiting a third-party script vulnerability. The breach went undetected for **two weeks**, during which **380,000 customers' payment card details** (including names, addresses, credit card numbers, CVV codes, and expiry dates) were harvested directly from the browser environment. The attack bypassed traditional security measures like WAFs and intrusion detection systems by operating entirely client-side, leveraging encrypted HTTPS traffic to exfiltrate data to attacker-controlled servers. The incident resulted in **regulatory fines (£20M by ICO)**, reputational damage, and a **class-action lawsuit** from affected customers. The breach highlighted critical gaps in monitoring dynamic client-side code and third-party script dependencies, which remained unaddressed despite robust server-side defenses. The financial and operational fallout extended beyond immediate fraud losses, impacting customer trust during peak travel seasons.
British Airways
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app. It immediately contacted customers when the extent of the breach became clear. Around 380,000 card payments were compromised. Hackers obtained names, street and email addresses, credit card numbers, expiry dates and security codes. The attack came 15 months after the carrier suffered a massive computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend. The attackers had not broken the airline's encryption but did not explain exactly how they had obtained the customer information. The attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen. BA advised customers to contact their bank or credit card provider and follow their recommended advice.
British Airways
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: British Airways found a security bug which has the potential to expose passengers’ data, including their flight booking details and personal information. It was an attack that could expose victims’ booking reference numbers, phone numbers, email addresses and more. It was found that bad actors could either view the victim’s personal data, or manipulate their booking information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number.
British Airways Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for British Airways
Incidents vs Airlines and Aviation Industry Average (This Year)
No incidents recorded for British Airways in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for British Airways in 2025.
Incident Types British Airways vs Airlines and Aviation Industry Avg (This Year)
No incidents recorded for British Airways in 2025.
Incident History — British Airways (X = Date, Y = Severity)
British Airways cyber incidents detection timeline including parent company and subsidiaries
British Airways Company Subsidiaries
As a global airline and the UK’s flag carrier, British Airways has been flying its customers to where they need to be for more than 100 years. The airline connects Britain with the world and the world with Britain, operating one of the most extensive international scheduled airline route networks together with its joint business, codeshare and franchise partners. Together with its affiliates, British Airways operates to around 200 destinations in over 75 countries throughout Europe, North America, South America, Asia, Africa and Australia. In September 2021, British Airways launched its sustainability programme, BA Better World, committing to put sustainability at the heart of everything it does and with a clear roadmap to achieve net zero carbon emissions by 2050. Unfortunately, we're unable to answer any specific customer service queries here. If you need to contact someone about our service or need immediate assistance, please DM us directly on Instagram, Facebook or X.
Loading...
British Airways Similar Companies
We would like to acknowledge the Traditional Custodians of the local lands and waterways on which we live, work and fly. We pay our respects to Elders past and present. Spirit is everything to us, and joining the Qantas team means bringing your spirit to ours. We have over 26,000 exceptional emplo
Singapore Airlines
Welcome aboard Singapore Airlines on LinkedIn. Discover travel inspirations, business travel tips, cultural insights, our latest updates, and more. Singapore Airlines is a global company dedicated to providing air transportation services of the highest quality and to maximising returns for the ben
Canada's largest airline, the country’s flag carrier and a founding member of Star Alliance, the world's most comprehensive air transportation network celebrating its 25thanniversary in 2022, Air Canada provides scheduled passenger service directly to 51 airports in Canada, 51 in the United States a
The Lufthansa Group is an aviation company with operations worldwide. It plays a leading role in its European home market. With 109,509 employees, the Lufthansa Group generated revenue of EUR 32.770m in the financial year 2022. The Passenger Airlines segment includes, on the one hand, the network a
Grupo Aeromexico, S.A.B. de C.V. is a holding company whose subsidiaries are engaged in commercial aviation and the promotion of passenger loyalty programs in Mexico. Aeromexico, Mexico’s global airline, operates more than 600 daily flights and has its main hub in Terminal 2 of the Mexico City Inter
Emirates
Based in Dubai, the Emirates Group employs over 103,363 staff from more than 160 nationalities. The Emirates Group’s extensive and diverse international portfolio includes the world’s largest international airline, Emirates, and one of the largest combined air services provider in the world, dnata.
easyJet
We’re on a mission to make low-cost travel easy. Whatever your role, you’ll connect millions of people to what they love using Europe’s best airline network, great value fares, and friendly service. And to help us get there we’ll give you everything you need to make a personal impact on our growing
SAUDI AIRLINES
At Saudia Group, we're on a mission to inspire people to go beyond borders. Our purpose is rooted in unlocking human potential and connecting the world in ways never thought possible. We are committed to reshaping the aviation ecosystem in our region and beyond, by embracing innovation and a custome
gategourmet
gategourmet has been serving the airline industry for more than 70 years and has become the world’s largest independent provider of airline catering and logistics. We prepare tens of thousands of tasty, nutritious passenger meals and snacks daily and reliably service more than 2 million flights a ye
.png)
British Airways CyberSecurity News
September 25, 2025 07:00 AM
British Police Arrest Man Linked to European Airport Cyber Attack
Heathrow Airport (LHR) reported initial delays affecting hundreds of flights, but British Airways (BA) activated backup systems to minimize...
September 22, 2025 07:00 AM
Flights across Europe delayed after cyberattack targets third-party vendor
A suspected ransomware attack targeting a U.S. company that provides check-in technology has led to widespread flight disruptions since...
September 22, 2025 07:00 AM
EU cyber agency says airport software held to ransom by criminals
The EU's cyber security agency says criminals are using ransomware to cause chaos in airports around the world.
September 22, 2025 07:00 AM
Cyber attacks are now coming for your holiday
Following a weekend of disruption at several major European airports, cyber security experts say this is only the beginning.
September 21, 2025 07:00 AM
Cyber Attack Cripples European Airports Amid Rising Aviation Threats
A sophisticated cyber attack on Collins Aerospace disrupted operations at major European airports on Friday night, affecting check-in and...
September 20, 2025 07:00 AM
Cyberattack hits check-in systems at some of Europe’s busiest airports
Heathrow, Brussels and Berlin airports among major European hubs confirming disruptions as a result of the attack.
September 20, 2025 07:00 AM
Heathrow cyber-attack: Day of delays after airport check-in system hit
Heathrow was among several European airports hit by delays on Saturday after a cyber-attack affecting an electronic check-in and baggage...
September 11, 2025 09:02 AM
British Airways hacking: Data breach strikes thousands of customers
A British Airways aircraft stands on a parking position at Heathrow Airport in London, Britain, 29 May 2017.
August 08, 2025 07:00 AM
KLM and Air France Join Aeroflot, Qantas, WestJet, United in Facing Serious Cybersecurity Threats, Data Breach and Outages
KLM and Air France join Aeroflot, Qantas, WestJet, United, and South African Airways in facing serious cybersecurity threats,...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
British Airways CyberSecurity History Information
Official Website of British Airways
The official website of British Airways is http://www.ba.com.
British Airways’s AI-Generated Cybersecurity Score
According to Rankiteo, British Airways’s AI-generated cybersecurity score is 743, reflecting their Moderate security posture.
How many security badges does British Airways’ have ?
According to Rankiteo, British Airways currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does British Airways have SOC 2 Type 1 certification ?
According to Rankiteo, British Airways is not certified under SOC 2 Type 1.
Does British Airways have SOC 2 Type 2 certification ?
According to Rankiteo, British Airways does not hold a SOC 2 Type 2 certification.
Does British Airways comply with GDPR ?
According to Rankiteo, British Airways is not listed as GDPR compliant.
Does British Airways have PCI DSS certification ?
According to Rankiteo, British Airways does not currently maintain PCI DSS compliance.
Does British Airways comply with HIPAA ?
According to Rankiteo, British Airways is not compliant with HIPAA regulations.
Does British Airways have ISO 27001 certification ?
According to Rankiteo,British Airways is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of British Airways
British Airways operates primarily in the Airlines and Aviation industry.
Number of Employees at British Airways
British Airways employs approximately 31,334 people worldwide.
Subsidiaries Owned by British Airways
British Airways presently has no subsidiaries across any sectors.
British Airways’s LinkedIn Followers
British Airways’s official LinkedIn profile has approximately 1,055,209 followers.
NAICS Classification of British Airways
British Airways is classified under the NAICS code 481, which corresponds to Air Transportation.
British Airways’s Presence on Crunchbase
No, British Airways does not have a profile on Crunchbase.
British Airways’s Presence on LinkedIn
Yes, British Airways maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/british-airways.
Cybersecurity Incidents Involving British Airways
As of November 27, 2025, Rankiteo reports that British Airways has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
British Airways has an estimated 3,299 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at British Airways ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Breach and Cyber Attack.
How does British Airways detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider., and containment measures with recommended: deploy content security policy (csp) in report-only mode, containment measures with recommended: implement subresource integrity (sri) for third-party scripts, containment measures with recommended: isolate and remove malicious scripts, containment measures with recommended: disable compromised third-party integrations, and remediation measures with recommended: conduct comprehensive script audits, remediation measures with recommended: deploy client-side monitoring tools (e.g., rasp, web exposure management), remediation measures with recommended: enforce nonces for inline scripts instead of 'unsafe-inline', remediation measures with recommended: update pci dss 4.0.1 controls for client-side risks, and recovery measures with recommended: develop client-side incident playbooks, recovery measures with recommended: implement automated script inventory tools, recovery measures with recommended: enhance customer communication templates for breaches, and adaptive behavioral waf with recommended: supplement traditional wafs with client-side protection, and enhanced monitoring with recommended: real-time javascript execution monitoring..
Incident Details
Can you provide details on each incident ?
Title: British Airways Data Breach
Description: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app.
Type: Data Breach
Attack Vector: WebsiteMobile App
Vulnerability Exploited: Gateway between the airline and a payment processor
Motivation: Financial Gain
Title: British Airways Data Exposure Incident
Description: British Airways found a security bug which has the potential to expose passengers’ data, including their flight booking details and personal information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number.
Type: Data Exposure
Attack Vector: View victim's personal dataManipulate booking information
Title: British Airways Data Breach via Zellis Payroll Service
Description: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis.
Type: Data Breach
Attack Vector: Cyberattack on payroll service provider
Title: British Airways Data Breach
Description: The California Office of the Attorney General reported a data breach involving British Airways Plc on November 21, 2018. The breach dates include October 21, 2018, September 5, 2018, April 21, 2018, and July 28, 2018.
Date Detected: 2018-11-21
Date Publicly Disclosed: 2018-11-21
Type: Data Breach
Title: British Airways Data Breach
Description: The Washington State Office of the Attorney General reported a data breach involving British Airways PLC on November 21, 2018. The breach, which occurred from August 21, 2018 to September 5, 2018, was due to a cyberattack involving malware, potentially exposing the payment card and personal information of approximately 1,588 Washington residents.
Date Detected: 2018-09-05
Date Publicly Disclosed: 2018-11-21
Type: Data Breach
Attack Vector: Malware
Title: 2024 Holiday Season Client-Side Attacks: Polyfill.io Breach and Cisco Magecart Incident
Description: The 2024 holiday season witnessed a surge in client-side attacks exploiting third-party JavaScript vulnerabilities, including the Polyfill.io supply chain breach (affecting 500,000+ websites) and the Cisco Magecart attack targeting holiday shoppers. These incidents highlighted critical visibility gaps in Web Application Firewalls (WAFs) and intrusion detection systems, which fail to monitor malicious JavaScript executing in users' browsers. Attackers leveraged encrypted traffic, dynamic script behavior, and shadow scripts to steal payment data undetected, with attacks increasing by 690% during peak shopping periods. Notable examples included the British Airways (2018) and Ticketmaster (2019) breaches, alongside 2024 incidents like the Kuwaiti e-commerce site Shrwaa.com and the Grelos skimmer variant deploying fake payment forms before Black Friday.
Date Publicly Disclosed: 2024-09-01
Type: Data Breach
Attack Vector: Compromised Third-Party JavaScript (Polyfill.io, chat widgets, analytics platforms)Shadow Scripts (unauthorized/dynamically loaded scripts)DOM Manipulation (fake payment forms)Session/Cookie HijackingEncrypted HTTPS Traffic ExfiltrationSupply Chain Compromise (vendor scripts)
Vulnerability Exploited: Lack of Content Security Policy (CSP) enforcementAbsence of Subresource Integrity (SRI) checksUnmonitored third-party script dependenciesInsufficient client-side runtime monitoringOver-reliance on server-side WAFs/IDS for client-side threatsPCI DSS 4.0.1 compliance gaps in client-side data protection
Motivation: Financial Gain (theft of payment card data during high-transaction holiday season)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Gateway between the airline and a payment processor, Compromised third-party scripts (e.g., Polyfill.io, chat widgets)Shadow scripts dynamically loaded without approvalVendor supply chain vulnerabilities (e.g. and customer support tools).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BRI45811122
Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Systems Affected: WebsiteMobile App
Payment Information Risk: High
Incident : Data Exposure BRI0563423
Data Compromised: Email address, Telephone numbers, Ba membership numbers, First and last name, Booking reference, Itinerary, Flight number, Flight times, Seat number
Incident : Data Breach BRI0112623
Data Compromised: Personal information of employees
Incident : Data Breach BRI452080425
Data Compromised: Payment card information, Personal information
Incident : Data Breach BRI0532305101325
Data Compromised: Payment card details (e.g., 380,000 records in british airways breach), Authentication tokens, Session cookies, Personally identifiable information (pii) from checkout forms
Systems Affected: E-commerce platforms (e.g., Cisco merchandise store, Shrwaa.com)Third-party scripts (Polyfill.io, chat widgets, analytics tools)User browsers (client-side execution environment)
Operational Impact: Disrupted holiday shopping operationsDevelopment freezes limiting patch deploymentIncreased SOC workload during peak season
Conversion Rate Impact: Potential drop due to fake payment forms and compromised checkout flows
Customer Complaints: Expected increase due to payment fraud and data theft
Brand Reputation Impact: High (eroded trust in e-commerce security during critical shopping period)
Legal Liabilities: Potential PCI DSS non-compliance finesRegulatory penalties for delayed breach disclosure
Identity Theft Risk: High (stolen payment data used for fraud)
Payment Information Risk: Critical (direct theft of card details from checkout pages)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credit Card Numbers, Expiry Dates, Security Codes, Names, Street And Email Addresses, , Email Address, Telephone Numbers, Ba Membership Numbers, First And Last Name, Booking Reference, Itinerary, Flight Number, Flight Times, Seat Number, , Personal Information, , Payment Card Information, Personal Information, , Payment Card Data (Card Numbers, Cvv, Expiry Dates), Authentication Tokens, Session Cookies, Pii From Checkout Forms (Names, Addresses, Emails) and .
Which entities were affected by each incident ?
Incident : Data Breach BRI45811122
Entity Name: British Airways
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Customers Affected: 380000
Incident : Data Exposure BRI0563423
Entity Name: British Airways
Entity Type: Company
Industry: Aviation
Incident : Data Breach BRI0112623
Entity Name: British Airways
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Incident : Data Breach BRI0112623
Entity Name: BBC
Entity Type: Company
Industry: Media
Location: United Kingdom
Incident : Data Breach BRI557072525
Entity Name: British Airways Plc
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Incident : Data Breach BRI452080425
Entity Name: British Airways PLC
Entity Type: Company
Industry: Aviation
Customers Affected: 1588
Incident : Data Breach BRI0532305101325
Entity Name: Polyfill.io
Entity Type: Third-Party Service Provider
Industry: Web Development Tools
Location: Global
Size: 500,000+ websites impacted
Incident : Data Breach BRI0532305101325
Entity Name: Cisco
Entity Type: Corporation
Industry: Technology/Networking
Location: Global
Size: Large Enterprise
Incident : Data Breach BRI0532305101325
Entity Name: British Airways
Entity Type: Airline
Industry: Travel
Location: United Kingdom
Size: Large Enterprise
Customers Affected: 380,000
Incident : Data Breach BRI0532305101325
Entity Name: Ticketmaster
Entity Type: Ticketing Platform
Industry: Entertainment
Location: Global
Size: Large Enterprise
Incident : Data Breach BRI0532305101325
Entity Name: Shrwaa.com
Entity Type: E-commerce
Industry: Retail
Location: Kuwait
Size: Small/Medium Business
Incident : Data Breach BRI0532305101325
Entity Name: Unspecified E-commerce Sites (Grelos skimmer targets)
Entity Type: E-commerce
Industry: Retail
Location: Global
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach BRI45811122
Communication Strategy: Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider.
Incident : Data Breach BRI0532305101325
Containment Measures: Recommended: Deploy Content Security Policy (CSP) in report-only modeRecommended: Implement Subresource Integrity (SRI) for third-party scriptsRecommended: Isolate and remove malicious scriptsRecommended: Disable compromised third-party integrations
Remediation Measures: Recommended: Conduct comprehensive script auditsRecommended: Deploy client-side monitoring tools (e.g., RASP, Web Exposure Management)Recommended: Enforce nonces for inline scripts instead of 'unsafe-inline'Recommended: Update PCI DSS 4.0.1 controls for client-side risks
Recovery Measures: Recommended: Develop client-side incident playbooksRecommended: Implement automated script inventory toolsRecommended: Enhance customer communication templates for breaches
Adaptive Behavioral WAF: Recommended: Supplement traditional WAFs with client-side protection
Enhanced Monitoring: Recommended: Real-time JavaScript execution monitoring
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BRI45811122
Type of Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Number of Records Exposed: 380000
Sensitivity of Data: High
Data Encryption: Unbroken
Personally Identifiable Information: NamesStreet and email addresses
Incident : Data Exposure BRI0563423
Type of Data Compromised: Email address, Telephone numbers, Ba membership numbers, First and last name, Booking reference, Itinerary, Flight number, Flight times, Seat number
Personally Identifiable Information: email addresstelephone numbersBA membership numbersfirst and last name
Incident : Data Breach BRI0112623
Type of Data Compromised: Personal information
Incident : Data Breach BRI452080425
Type of Data Compromised: Payment card information, Personal information
Number of Records Exposed: 1588
Incident : Data Breach BRI0532305101325
Type of Data Compromised: Payment card data (card numbers, cvv, expiry dates), Authentication tokens, Session cookies, Pii from checkout forms (names, addresses, emails)
Number of Records Exposed: 380,000 (British Airways breach), 500,000+ websites (Polyfill.io supply chain), Unspecified (Cisco Magecart, Shrwaa.com, Grelos skimmer)
Sensitivity of Data: High (financial and personal data)
Data Exfiltration: Yes (to attacker-controlled servers via encrypted HTTPS)
Data Encryption: No (data stolen in plaintext from checkout forms)
Personally Identifiable Information: Yes (names, addresses, emails, payment details)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Recommended: Conduct comprehensive script audits, Recommended: Deploy client-side monitoring tools (e.g., RASP, Web Exposure Management), Recommended: Enforce nonces for inline scripts instead of 'unsafe-inline', Recommended: Update PCI DSS 4.0.1 controls for client-side risks, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by recommended: deploy content security policy (csp) in report-only mode, recommended: implement subresource integrity (sri) for third-party scripts, recommended: isolate and remove malicious scripts, recommended: disable compromised third-party integrations and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Recommended: Develop client-side incident playbooks, Recommended: Implement automated script inventory tools, Recommended: Enhance customer communication templates for breaches, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach BRI0532305101325
Regulations Violated: PCI DSS 4.0.1 (client-side data protection requirements), Potential GDPR violations (for EU customer data),
Regulatory Notifications: Recommended: Mandatory disclosure under GDPR/PCI DSS for affected entities
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach BRI0532305101325
Lessons Learned: Client-side attacks bypass traditional WAFs/IDS, requiring specialized monitoring., Third-party scripts introduce significant supply chain risk, especially during high-traffic periods., Encrypted traffic (HTTPS) obscures data exfiltration from client-side attacks., Development freezes during holidays delay patching, exacerbating vulnerabilities., Shadow scripts and dynamic code behavior evade static analysis tools., Compliance frameworks (e.g., PCI DSS 4.0.1) now emphasize client-side risks but lack prescriptive guidance.
What recommendations were made to prevent future incidents ?
Incident : Data Breach BRI0532305101325
Recommendations: Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs..
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Client-side attacks bypass traditional WAFs/IDS, requiring specialized monitoring.,Third-party scripts introduce significant supply chain risk, especially during high-traffic periods.,Encrypted traffic (HTTPS) obscures data exfiltration from client-side attacks.,Development freezes during holidays delay patching, exacerbating vulnerabilities.,Shadow scripts and dynamic code behavior evade static analysis tools.,Compliance frameworks (e.g., PCI DSS 4.0.1) now emphasize client-side risks but lack prescriptive guidance.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Category: Incident Response, , Category: Compliance, , Category: Organizational, , Category: Detection & Monitoring, , Category: Preventive Measures and .
References
Where can I find more information about each incident ?
Incident : Data Breach BRI557072525
Source: California Office of the Attorney General
Date Accessed: 2018-11-21
Incident : Data Breach BRI452080425
Source: Washington State Office of the Attorney General
Date Accessed: 2018-11-21
Incident : Data Breach BRI0532305101325
Source: Cloudflare Holiday Season Traffic Report 2024
Incident : Data Breach BRI0532305101325
Source: British Airways Breach Post-Mortem (2018)
Incident : Data Breach BRI0532305101325
Source: Ticketmaster Customer Support Chat Breach Analysis (2019)
Incident : Data Breach BRI0532305101325
Source: Polyfill.io Supply Chain Attack Report (2024)
Incident : Data Breach BRI0532305101325
Source: Cisco Magecart Incident Disclosure (September 2024)
Incident : Data Breach BRI0532305101325
Source: PCI DSS 4.0.1 Client-Side Security Guidelines
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2018-11-21, and Source: Washington State Office of the Attorney GeneralDate Accessed: 2018-11-21, and Source: Cloudflare Holiday Season Traffic Report 2024, and Source: British Airways Breach Post-Mortem (2018), and Source: Ticketmaster Customer Support Chat Breach Analysis (2019), and Source: Polyfill.io Supply Chain Attack Report (2024), and Source: Cisco Magecart Incident Disclosure (September 2024), and Source: PCI DSS 4.0.1 Client-Side Security Guidelines.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach BRI0532305101325
Investigation Status: Ongoing (industry-wide analysis of 2024 holiday season attacks)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach BRI45811122
Customer Advisories: Advised customers to contact their bank or credit card provider and follow their recommended advice.
Incident : Data Breach BRI0532305101325
Stakeholder Advisories: E-Commerce Platforms: Audit Third-Party Scripts Before Holiday Season., Payment Processors: Monitor For Fraud Spikes Linked To Client-Side Skimming., Regulators: Clarify Client-Side Protection Expectations In Pci Dss/Gdpr., Security Vendors: Develop Integrated Server-Side + Client-Side Monitoring Solutions..
Customer Advisories: Monitor payment card statements for unauthorized transactions.Use virtual cards or payment tokens for online holiday shopping.Report suspicious checkout behavior (e.g., unexpected redirects, additional form fields).Check browser extensions for malicious script injection risks.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Advised customers to contact their bank or credit card provider and follow their recommended advice., E-Commerce Platforms: Audit Third-Party Scripts Before Holiday Season., Payment Processors: Monitor For Fraud Spikes Linked To Client-Side Skimming., Regulators: Clarify Client-Side Protection Expectations In Pci Dss/Gdpr., Security Vendors: Develop Integrated Server-Side + Client-Side Monitoring Solutions., Monitor Payment Card Statements For Unauthorized Transactions., Use Virtual Cards Or Payment Tokens For Online Holiday Shopping., Report Suspicious Checkout Behavior (E.G., Unexpected Redirects, Additional Form Fields)., Check Browser Extensions For Malicious Script Injection Risks. and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach BRI45811122
Entry Point: Gateway between the airline and a payment processor
Incident : Data Breach BRI0532305101325
Entry Point: Compromised Third-Party Scripts (E.G., Polyfill.Io, Chat Widgets), Shadow Scripts Dynamically Loaded Without Approval, Vendor Supply Chain Vulnerabilities (E.G., Customer Support Tools),
Reconnaissance Period: Varies (e.g., Polyfill.io attack began in February 2024, detected during holidays)
Backdoors Established: Yes (persistent malicious JavaScript on infected sites)
High Value Targets: E-Commerce Checkout Pages, Payment Processing Forms, Authentication Token Storage (Cookies/Localstorage),
Data Sold on Dark Web: E-Commerce Checkout Pages, Payment Processing Forms, Authentication Token Storage (Cookies/Localstorage),
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach BRI0532305101325
Root Causes: Over-Reliance On Server-Side Security Controls (Wafs/Ids) For Client-Side Threats., Lack Of Visibility Into Third-Party Script Behavior And Dependencies., Absence Of Runtime Monitoring For Javascript Execution In Browsers., Insufficient Enforcement Of Csp/Sri Despite Availability Of Standards., Development Freezes Preventing Timely Patching During Peak Seasons., Compliance Frameworks Lagging Behind Client-Side Attack Evolution.,
Corrective Actions: Mandate Csp/Sri Implementation For All Web Properties., Integrate Client-Side Monitoring Into Soc Operations., Establish Third-Party Script Governance Programs With Risk Tiering., Automate Script Inventory And Change Detection., Update Incident Response Plans To Include Client-Side Breach Scenarios., Advocate For Clearer Regulatory Guidance On Client-Side Protections.,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Recommended: Real-time JavaScript execution monitoring.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Mandate Csp/Sri Implementation For All Web Properties., Integrate Client-Side Monitoring Into Soc Operations., Establish Third-Party Script Governance Programs With Risk Tiering., Automate Script Inventory And Change Detection., Update Incident Response Plans To Include Client-Side Breach Scenarios., Advocate For Clearer Regulatory Guidance On Client-Side Protections., .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2018-11-21.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-09-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses, , email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number, , Personal Information of Employees, , Payment card information, Personal information, , Payment card details (e.g., 380,000 records in British Airways breach), Authentication tokens, Session cookies, Personally Identifiable Information (PII) from checkout forms and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident were WebsiteMobile App and E-commerce platforms (e.g., Cisco merchandise store, Shrwaa.com)Third-party scripts (Polyfill.io, chat widgets, analytics tools)User browsers (client-side execution environment).
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Recommended: Deploy Content Security Policy (CSP) in report-only modeRecommended: Implement Subresource Integrity (SRI) for third-party scriptsRecommended: Isolate and remove malicious scriptsRecommended: Disable compromised third-party integrations.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Payment card information, Payment card details (e.g., 380,000 records in British Airways breach), Personal Information of Employees, Street and email addresses, flight number, Personal information, Expiry dates, BA membership numbers, Session cookies, itinerary, Security codes, Authentication tokens, email address, booking reference, Personally Identifiable Information (PII) from checkout forms, Names, seat number, first and last name, Credit card numbers, flight times and telephone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 880.5K.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Compliance frameworks (e.g., PCI DSS 4.0.1) now emphasize client-side risks but lack prescriptive guidance.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Category: Incident Response, , Category: Compliance, , Category: Organizational, , Category: Detection & Monitoring, , Category: Preventive Measures and .
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are PCI DSS 4.0.1 Client-Side Security Guidelines, Polyfill.io Supply Chain Attack Report (2024), Ticketmaster Customer Support Chat Breach Analysis (2019), Cloudflare Holiday Season Traffic Report 2024, California Office of the Attorney General, British Airways Breach Post-Mortem (2018), Cisco Magecart Incident Disclosure (September 2024) and Washington State Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (industry-wide analysis of 2024 holiday season attacks).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was E-commerce platforms: Audit third-party scripts before holiday season., Payment processors: Monitor for fraud spikes linked to client-side skimming., Regulators: Clarify client-side protection expectations in PCI DSS/GDPR., Security vendors: Develop integrated server-side + client-side monitoring solutions., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Advised customers to contact their bank or credit card provider and follow their recommended advice., Monitor payment card statements for unauthorized transactions.Use virtual cards or payment tokens for online holiday shopping.Report suspicious checkout behavior (e.g., unexpected redirects and additional form fields).Check browser extensions for malicious script injection risks.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Gateway between the airline and a payment processor.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Varies (e.g., Polyfill.io attack began in February 2024, detected during holidays).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=british-airways' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
