British Airways Hit by Cyberattack: Hackers Claim Access to Sensitive Crew and Medical Data The pro-Russian hacktivist group Infrastructure Destruction Squad (also known as Dark Engine) has claimed responsibility for breaching British Airways’ systems, gaining access to highly sensitive data. In a Telegram post, the threat actors stated they infiltrated the airline’s Crew Portal used by pilots and cabin crew to manage schedules, sick leave, and personal information by compromising an individual’s account to reach the admin control panel. The group alleged exposure of sick leave records, including employee names, leave reasons, supervisor approvals, and AI-driven confidence levels evaluating request validity. They also claimed access to Cognino AI 360, an AI data analysis platform, where they reportedly found login credentials, API keys for insurance and financial services, and medical training files containing genetic disease data and health records. Additional compromised data allegedly includes internal network structures, penetration-testing tools, and flight crew schedules. The hackers offered full access to the breached systems including login credentials and sensitive files for $1,000. Screenshots shared on Telegram appear to support their claims, showing the Crew Portal, API servers, and Cognino 360 interfaces. In a follow-up message, the group vowed to escalate attacks, targeting industrial systems, data leaks, ransomware, and malware distribution. British Airways has not publicly responded to the claims, and Cyber Daily has sought further comment from the airline. This incident follows previous breaches at British Airways, including the 2023 MOVEit supply chain attack by the Cl0p ransomware gang and a 2018 Magecart attack that exposed the personal and financial data of 400,000 customers. The Infrastructure Destruction Squad has a history of disrupting critical infrastructure, including water treatment facilities, flood control systems, and industrial control environments across Asia, Latin America, and the EU.

2023: A Record-Breaking Year for Ransomware as Attacks Surge Past $1 Billion in Extorted Payments 2023 marked a dramatic resurgence in ransomware activity, with cybercriminals extorting over $1 billion in cryptocurrency payments the highest annual total on record. The year saw a sharp reversal from 2022’s temporary decline, driven by high-profile attacks on critical infrastructure, supply chain vulnerabilities, and the proliferation of Ransomware-as-a-Service (RaaS) models. ### Key Trends and Major Incidents - Supply Chain Attacks Dominate: The MOVEit file transfer software breach, exploited by the Cl0p ransomware group, became one of the most damaging incidents of 2023. The zero-day vulnerability allowed attackers to compromise hundreds of organizations, including British Airways, the BBC, and U.S. government agencies, exposing millions of records. Cl0p’s shift to data exfiltration over encryption proved highly effective, generating over $100 million in ransom payments and accounting for nearly 45% of all ransomware revenue in June and July. - Big Game Hunting Persists: Groups like ALPHV-BlackCat and Cl0p targeted large, deep-pocketed victims, demanding multimillion-dollar ransoms. While MGM Resorts refused to pay after an ALPHV-BlackCat attack, the incident still cost the company over $100 million in damages. - RaaS Lowers the Barrier to Entry: The Phobos and ALPHV-BlackCat strains exemplified the RaaS model, enabling less skilled attackers to launch ransomware campaigns in exchange for a cut of profits. This model fueled a 538% increase in new ransomware variants in 2023, according to Recorded Future. - Rebranding and Affiliate Fluidity: Ransomware groups frequently rebranded or shifted between strains to evade law enforcement and sanctions. Blockchain analysis revealed connections between Trickbot, Royal ransomware, and the 3AM strain, demonstrating how a small number of actors drive much of the ecosystem’s activity. ### Law Enforcement Strikes Back Despite the surge in attacks, 2023 also saw significant law enforcement victories: - FBI’s Hive Takedown: In a six-month infiltration, the FBI disrupted the Hive ransomware group, providing decryption keys to 1,300 victims and preventing an estimated $130 million in ransom payments. Statistical models suggest the operation may have averted over $210 million in total payments by disrupting Hive’s broader operations. - International Collaboration: The BlackCat (ALPHV) disruption and other joint operations highlighted increased coordination between global agencies, cybersecurity firms, and blockchain analysts to track and dismantle ransomware networks. ### Financial Flows and Money Laundering Ransomware proceeds were laundered through a mix of centralized exchanges, mixers, and emerging services like cross-chain bridges, instant exchangers, and gambling platforms. While exchanges remained the most common off-ramping method, sanctioned entities and high-concentration services (e.g., specific mixers) created vulnerabilities for law enforcement to exploit. ### The Broader Impact The $1 billion figure reflects only direct ransom payments not the full economic toll, which includes productivity losses, recovery costs, and reputational damage. The MGM Resorts attack alone demonstrated how even non-payment incidents can inflict nine-figure financial harm. 2023 underscored the adaptability of ransomware actors, who continue to refine tactics, exploit zero-day vulnerabilities, and leverage RaaS to maximize profits. While law enforcement made strides in disruption, the escalating scale and sophistication of attacks signal an enduring and evolving threat.

British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis. According to reports, British Airways was one among the companies damaged by a cyber security attack against MOVEit's target, the UK-based payroll provider Zellis.

British Airways found a security bug which has the potential to expose passengers’ data, including their flight booking details and personal information. It was an attack that could expose victims’ booking reference numbers, phone numbers, email addresses and more. It was found that bad actors could either view the victim’s personal data, or manipulate their booking information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number.

Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app. It immediately contacted customers when the extent of the breach became clear. Around 380,000 card payments were compromised. Hackers obtained names, street and email addresses, credit card numbers, expiry dates and security codes. The attack came 15 months after the carrier suffered a massive computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend. The attackers had not broken the airline's encryption but did not explain exactly how they had obtained the customer information. The attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen. BA advised customers to contact their bank or credit card provider and follow their recommended advice.

The Washington State Office of the Attorney General reported a data breach involving British Airways PLC on November 21, 2018. The breach, which occurred from August 21, 2018 to September 5, 2018, was due to a cyberattack involving malware, potentially exposing the payment card and personal information of approximately 1,588 Washington residents.

In 2018, British Airways suffered a Magecart (e-skimming) attack where attackers injected malicious JavaScript into its payment checkout page, exploiting a third-party script vulnerability. The breach went undetected for two weeks, during which 380,000 customers' payment card details (including names, addresses, credit card numbers, CVV codes, and expiry dates) were harvested directly from the browser environment. The attack bypassed traditional security measures like WAFs and intrusion detection systems by operating entirely client-side, leveraging encrypted HTTPS traffic to exfiltrate data to attacker-controlled servers. The incident resulted in regulatory fines (£20M by ICO), reputational damage, and a class-action lawsuit from affected customers. The breach highlighted critical gaps in monitoring dynamic client-side code and third-party script dependencies, which remained unaddressed despite robust server-side defenses. The financial and operational fallout extended beyond immediate fraud losses, impacting customer trust during peak travel seasons.

The California Office of the Attorney General reported a data breach involving British Airways Plc on November 21, 2018. The breach dates include October 21, 2018, September 5, 2018, April 21, 2018, and July 28, 2018. The breach involved the compromise of personal and financial information of customers, which could have significant consequences for the company and its customers.