IAG
Company Details
Linkedin ID:
international-airlines-group-iag-
Website:
Employees number:
602
Number of followers:
71,398
NAICS:
481
Industry Type:
Homepage:
iairgroup.com
IP Addresses:
0
Company ID:
INT_1645470
Scan Status:
In-progress
International Airlines Group (IAG) Company CyberSecurity Posture
iairgroup.com
International Airlines Group (IAG) is one of the world’s largest airline groups with 600+ aircraft carrying more than 122 million customers to 260 destinations across 91 countries each year. Formed in January 2011, IAG is the parent company of Aer Lingus, British Airways, Iberia, Vueling and LEVEL. It is a Spanish registered company with shares traded on the London Stock Exchange and Spanish Stock Exchanges. The corporate head office for IAG is in London, UK. IAG combines leading airlines in the UK, Ireland and Spain, enabling them to enhance their presence in the aviation market while retaining their individual brands and current operations. The airlines' customers benefit from a larger combined network for both passengers and cargo, and a greater ability to invest in new products and services through improved financial robustness.
International Airlines Group (IAG) A.I CyberSecurity Scoring
IAG Risk Score (AI oriented)Between 750 and 799
IAG
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
IAG Global Score (TPRM)XXXX
IAG
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
IAG Company CyberSecurity News & History
Past Incidents
6
Attack Types
3
British Airways Plc
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The California Office of the Attorney General reported a data breach involving British Airways Plc on November 21, 2018. The breach dates include October 21, 2018, September 5, 2018, April 21, 2018, and July 28, 2018. The breach involved the compromise of personal and financial information of customers, which could have significant consequences for the company and its customers.
British Airways
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis. According to reports, British Airways was one among the companies damaged by a cyber security attack against MOVEit's target, the UK-based payroll provider Zellis.
British Airways Plc
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Washington State Office of the Attorney General reported a data breach involving British Airways PLC on November 21, 2018. The breach, which occurred from August 21, 2018 to September 5, 2018, was due to a cyberattack involving malware, potentially exposing the payment card and personal information of approximately 1,588 Washington residents.
British Airways
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In 2018, British Airways suffered a **Magecart (e-skimming) attack** where attackers injected malicious JavaScript into its payment checkout page, exploiting a third-party script vulnerability. The breach went undetected for **two weeks**, during which **380,000 customers' payment card details** (including names, addresses, credit card numbers, CVV codes, and expiry dates) were harvested directly from the browser environment. The attack bypassed traditional security measures like WAFs and intrusion detection systems by operating entirely client-side, leveraging encrypted HTTPS traffic to exfiltrate data to attacker-controlled servers. The incident resulted in **regulatory fines (£20M by ICO)**, reputational damage, and a **class-action lawsuit** from affected customers. The breach highlighted critical gaps in monitoring dynamic client-side code and third-party script dependencies, which remained unaddressed despite robust server-side defenses. The financial and operational fallout extended beyond immediate fraud losses, impacting customer trust during peak travel seasons.
British Airways
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app. It immediately contacted customers when the extent of the breach became clear. Around 380,000 card payments were compromised. Hackers obtained names, street and email addresses, credit card numbers, expiry dates and security codes. The attack came 15 months after the carrier suffered a massive computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend. The attackers had not broken the airline's encryption but did not explain exactly how they had obtained the customer information. The attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen. BA advised customers to contact their bank or credit card provider and follow their recommended advice.
British Airways
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: British Airways found a security bug which has the potential to expose passengers’ data, including their flight booking details and personal information. It was an attack that could expose victims’ booking reference numbers, phone numbers, email addresses and more. It was found that bad actors could either view the victim’s personal data, or manipulate their booking information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number.
IAG Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for IAG
Incidents vs Airlines and Aviation Industry Average (This Year)
No incidents recorded for International Airlines Group (IAG) in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for International Airlines Group (IAG) in 2025.
Incident Types IAG vs Airlines and Aviation Industry Avg (This Year)
No incidents recorded for International Airlines Group (IAG) in 2025.
Incident History — IAG (X = Date, Y = Severity)
IAG cyber incidents detection timeline including parent company and subsidiaries
IAG Company Subsidiaries
International Airlines Group (IAG) is one of the world’s largest airline groups with 600+ aircraft carrying more than 122 million customers to 260 destinations across 91 countries each year. Formed in January 2011, IAG is the parent company of Aer Lingus, British Airways, Iberia, Vueling and LEVEL. It is a Spanish registered company with shares traded on the London Stock Exchange and Spanish Stock Exchanges. The corporate head office for IAG is in London, UK. IAG combines leading airlines in the UK, Ireland and Spain, enabling them to enhance their presence in the aviation market while retaining their individual brands and current operations. The airlines' customers benefit from a larger combined network for both passengers and cargo, and a greater ability to invest in new products and services through improved financial robustness.
Loading...
IAG Similar Companies
British Airways
As a global airline and the UK’s flag carrier, British Airways has been flying its customers to where they need to be for more than 100 years. The airline connects Britain with the world and the world with Britain, operating one of the most extensive international scheduled airline route networks to
Cathay Pacific
Welcome to the official Cathay Pacific LinkedIn page. We have over 200 destinations in our global network, but want to do more than just move you from A to B. We want to take you further in your journey, and ultimately, to move beyond. And we’re here to do what we can to help you discover what’s nex
China Eastern Airlines, North America
As one of the three major air carriers in China, headquartered in Shanghai, China Eastern Airlines operates 111 domestic and overseas branches across the globe. Flying a fleet of 730 aircraft which is one of the youngest fleets in major airlines worldwide. Moreover, it boasts the largest-scale in-fl
Ethiopian Airlines
Ethiopian Airlines Group (Ethiopian) is a true African success story, transforming a visionary dream into a globally renowned reality for nearly eight decades. Operating flights to more than 160 domestic and international passenger, and cargo destinations across five continents, Ethiopian bridges th
Air France
Depuis 1933, la compagnie Air France porte haut les couleurs de la France à travers le monde entier. Avec une activité, répartie entre le transport aérien de passagers, le fret, la maintenance et l’entretien aéronautique, Air France est un acteur majeur du secteur aérien. Plus de 45 000 collaborateu
SpiceJet Limited
Red. Hot. Spicy. That’s not just our tagline, it’s how we fly. Red reflects the bold spirit we bring to every journey, energetic, passionate, and full of heart. Hot captures the warmth of our service and the vibrant destinations we connect. Spicy is our drive to keep travel exciting through innovati
We’re creating an airline people love. It begins with each Alaska Airlines employee, bringing unique strengths and energy to our work in the air and on the ground. Every day, we go beyond what’s expected and reach for the remarkable, together. Welcome to our LinkedIn page. We like conversations on
easyJet
We’re on a mission to make low-cost travel easy. Whatever your role, you’ll connect millions of people to what they love using Europe’s best airline network, great value fares, and friendly service. And to help us get there we’ll give you everything you need to make a personal impact on our growing
The Lufthansa Group is an aviation company with operations worldwide. It plays a leading role in its European home market. With 109,509 employees, the Lufthansa Group generated revenue of EUR 32.770m in the financial year 2022. The Passenger Airlines segment includes, on the one hand, the network a
.png)
IAG CyberSecurity News
November 26, 2025 12:58 PM
International Consolidated Airlines Group (IAG) Today: Share Price, €1bn Buyback, Iberia Cyberattack and TAP Bid – 26 November 2025
International Consolidated Airlines Group (IAG) Today: Share Price, €1bn Buyback, Iberia Cyberattack and TAP Bid – 26 November 2025...
November 24, 2025 07:07 PM
Iberia Data Breach Exposes Customer Details via Supplier Vulnerability
In the fast-paced world of aviation, where data flows as freely as jet streams, a single vulnerability can ground an entire operation.
November 24, 2025 10:15 AM
Iberia Airlines Notifies Customers of Supply Chain Data Breach
Customers of Iberia Airlines will need to be on high alert for phishing attacks after the carrier revealed personal information had been...
November 23, 2025 05:35 PM
Iberia discloses security incident tied to supplier breach
Iberia warns customers of a supplier-related data breach as a threat actor claims to hold 77GB of stolen airline data.
October 13, 2025 07:00 AM
Breaking: LAX Flights Grounded in Major Outage – Was a Cyberattack to Blame? (Oct 2025)
Major ground stop: On Oct. 12, 2025 the FAA ordered a ground stop at Los Angeles International Airport (LAX) after an “equipment outage”...
October 10, 2025 07:00 AM
Summit in the skies: Aviation’s big players land in Lisbon
Day 2 of the World Aviation Festival 2025 in Lisbon brought together some of the most influential voices in global aviation.
October 08, 2025 07:00 AM
Palo Alto Networks’ AI-Fueled Surge: Stock Soars on Cybersecurity Boom, Bold Forecasts & Big Deals
Stock Rallying on Strong Momentum: Palo Alto Networks (NASDAQ: PANW) traded around $216 per share on October 8, 2025, up roughly 3–4% over...
September 30, 2025 07:00 AM
Investors in International Consolidated Airlines Group (LON:IAG) have seen massive returns of 332% over the past five years
For many, the main point of investing in the stock market is to achieve spectacular returns. While the best companies...
September 22, 2025 07:00 AM
Disruption Continues in Wake of European Airports Cyberattack
The EU's cybersecurity agency has confirmed 'third party' involvement in the hack on the outsourced systems for check-ins and boarding.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
IAG CyberSecurity History Information
Official Website of International Airlines Group (IAG)
The official website of International Airlines Group (IAG) is http://www.iairgroup.com/.
International Airlines Group (IAG)’s AI-Generated Cybersecurity Score
According to Rankiteo, International Airlines Group (IAG)’s AI-generated cybersecurity score is 798, reflecting their Fair security posture.
How many security badges does International Airlines Group (IAG)’ have ?
According to Rankiteo, International Airlines Group (IAG) currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does International Airlines Group (IAG) have SOC 2 Type 1 certification ?
According to Rankiteo, International Airlines Group (IAG) is not certified under SOC 2 Type 1.
Does International Airlines Group (IAG) have SOC 2 Type 2 certification ?
According to Rankiteo, International Airlines Group (IAG) does not hold a SOC 2 Type 2 certification.
Does International Airlines Group (IAG) comply with GDPR ?
According to Rankiteo, International Airlines Group (IAG) is not listed as GDPR compliant.
Does International Airlines Group (IAG) have PCI DSS certification ?
According to Rankiteo, International Airlines Group (IAG) does not currently maintain PCI DSS compliance.
Does International Airlines Group (IAG) comply with HIPAA ?
According to Rankiteo, International Airlines Group (IAG) is not compliant with HIPAA regulations.
Does International Airlines Group (IAG) have ISO 27001 certification ?
According to Rankiteo,International Airlines Group (IAG) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of International Airlines Group (IAG)
International Airlines Group (IAG) operates primarily in the Airlines and Aviation industry.
Number of Employees at International Airlines Group (IAG)
International Airlines Group (IAG) employs approximately 602 people worldwide.
Subsidiaries Owned by International Airlines Group (IAG)
International Airlines Group (IAG) presently has no subsidiaries across any sectors.
International Airlines Group (IAG)’s LinkedIn Followers
International Airlines Group (IAG)’s official LinkedIn profile has approximately 71,398 followers.
NAICS Classification of International Airlines Group (IAG)
International Airlines Group (IAG) is classified under the NAICS code 481, which corresponds to Air Transportation.
International Airlines Group (IAG)’s Presence on Crunchbase
Yes, International Airlines Group (IAG) has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/international-airlines-group.
International Airlines Group (IAG)’s Presence on LinkedIn
Yes, International Airlines Group (IAG) maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/international-airlines-group-iag-.
Cybersecurity Incidents Involving International Airlines Group (IAG)
As of November 27, 2025, Rankiteo reports that International Airlines Group (IAG) has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
International Airlines Group (IAG) has an estimated 3,298 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at International Airlines Group (IAG) ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Breach and Cyber Attack.
How does International Airlines Group (IAG) detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider., and containment measures with recommended: deploy content security policy (csp) in report-only mode, containment measures with recommended: implement subresource integrity (sri) for third-party scripts, containment measures with recommended: isolate and remove malicious scripts, containment measures with recommended: disable compromised third-party integrations, and remediation measures with recommended: conduct comprehensive script audits, remediation measures with recommended: deploy client-side monitoring tools (e.g., rasp, web exposure management), remediation measures with recommended: enforce nonces for inline scripts instead of 'unsafe-inline', remediation measures with recommended: update pci dss 4.0.1 controls for client-side risks, and recovery measures with recommended: develop client-side incident playbooks, recovery measures with recommended: implement automated script inventory tools, recovery measures with recommended: enhance customer communication templates for breaches, and adaptive behavioral waf with recommended: supplement traditional wafs with client-side protection, and enhanced monitoring with recommended: real-time javascript execution monitoring..
Incident Details
Can you provide details on each incident ?
Title: British Airways Data Breach
Description: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app.
Type: Data Breach
Attack Vector: WebsiteMobile App
Vulnerability Exploited: Gateway between the airline and a payment processor
Motivation: Financial Gain
Title: British Airways Data Exposure Incident
Description: British Airways found a security bug which has the potential to expose passengers’ data, including their flight booking details and personal information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number.
Type: Data Exposure
Attack Vector: View victim's personal dataManipulate booking information
Title: British Airways Data Breach via Zellis Payroll Service
Description: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis.
Type: Data Breach
Attack Vector: Cyberattack on payroll service provider
Title: British Airways Data Breach
Description: The California Office of the Attorney General reported a data breach involving British Airways Plc on November 21, 2018. The breach dates include October 21, 2018, September 5, 2018, April 21, 2018, and July 28, 2018.
Date Detected: 2018-11-21
Date Publicly Disclosed: 2018-11-21
Type: Data Breach
Title: British Airways Data Breach
Description: The Washington State Office of the Attorney General reported a data breach involving British Airways PLC on November 21, 2018. The breach, which occurred from August 21, 2018 to September 5, 2018, was due to a cyberattack involving malware, potentially exposing the payment card and personal information of approximately 1,588 Washington residents.
Date Detected: 2018-09-05
Date Publicly Disclosed: 2018-11-21
Type: Data Breach
Attack Vector: Malware
Title: 2024 Holiday Season Client-Side Attacks: Polyfill.io Breach and Cisco Magecart Incident
Description: The 2024 holiday season witnessed a surge in client-side attacks exploiting third-party JavaScript vulnerabilities, including the Polyfill.io supply chain breach (affecting 500,000+ websites) and the Cisco Magecart attack targeting holiday shoppers. These incidents highlighted critical visibility gaps in Web Application Firewalls (WAFs) and intrusion detection systems, which fail to monitor malicious JavaScript executing in users' browsers. Attackers leveraged encrypted traffic, dynamic script behavior, and shadow scripts to steal payment data undetected, with attacks increasing by 690% during peak shopping periods. Notable examples included the British Airways (2018) and Ticketmaster (2019) breaches, alongside 2024 incidents like the Kuwaiti e-commerce site Shrwaa.com and the Grelos skimmer variant deploying fake payment forms before Black Friday.
Date Publicly Disclosed: 2024-09-01
Type: Data Breach
Attack Vector: Compromised Third-Party JavaScript (Polyfill.io, chat widgets, analytics platforms)Shadow Scripts (unauthorized/dynamically loaded scripts)DOM Manipulation (fake payment forms)Session/Cookie HijackingEncrypted HTTPS Traffic ExfiltrationSupply Chain Compromise (vendor scripts)
Vulnerability Exploited: Lack of Content Security Policy (CSP) enforcementAbsence of Subresource Integrity (SRI) checksUnmonitored third-party script dependenciesInsufficient client-side runtime monitoringOver-reliance on server-side WAFs/IDS for client-side threatsPCI DSS 4.0.1 compliance gaps in client-side data protection
Motivation: Financial Gain (theft of payment card data during high-transaction holiday season)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Gateway between the airline and a payment processor, Compromised third-party scripts (e.g., Polyfill.io, chat widgets)Shadow scripts dynamically loaded without approvalVendor supply chain vulnerabilities (e.g. and customer support tools).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BRI45811122
Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Systems Affected: WebsiteMobile App
Payment Information Risk: High
Incident : Data Exposure BRI0563423
Data Compromised: Email address, Telephone numbers, Ba membership numbers, First and last name, Booking reference, Itinerary, Flight number, Flight times, Seat number
Incident : Data Breach BRI0112623
Data Compromised: Personal information of employees
Incident : Data Breach BRI452080425
Data Compromised: Payment card information, Personal information
Incident : Data Breach BRI0532305101325
Data Compromised: Payment card details (e.g., 380,000 records in british airways breach), Authentication tokens, Session cookies, Personally identifiable information (pii) from checkout forms
Systems Affected: E-commerce platforms (e.g., Cisco merchandise store, Shrwaa.com)Third-party scripts (Polyfill.io, chat widgets, analytics tools)User browsers (client-side execution environment)
Operational Impact: Disrupted holiday shopping operationsDevelopment freezes limiting patch deploymentIncreased SOC workload during peak season
Conversion Rate Impact: Potential drop due to fake payment forms and compromised checkout flows
Customer Complaints: Expected increase due to payment fraud and data theft
Brand Reputation Impact: High (eroded trust in e-commerce security during critical shopping period)
Legal Liabilities: Potential PCI DSS non-compliance finesRegulatory penalties for delayed breach disclosure
Identity Theft Risk: High (stolen payment data used for fraud)
Payment Information Risk: Critical (direct theft of card details from checkout pages)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credit Card Numbers, Expiry Dates, Security Codes, Names, Street And Email Addresses, , Email Address, Telephone Numbers, Ba Membership Numbers, First And Last Name, Booking Reference, Itinerary, Flight Number, Flight Times, Seat Number, , Personal Information, , Payment Card Information, Personal Information, , Payment Card Data (Card Numbers, Cvv, Expiry Dates), Authentication Tokens, Session Cookies, Pii From Checkout Forms (Names, Addresses, Emails) and .
Which entities were affected by each incident ?
Incident : Data Breach BRI45811122
Entity Name: British Airways
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Customers Affected: 380000
Incident : Data Exposure BRI0563423
Entity Name: British Airways
Entity Type: Company
Industry: Aviation
Incident : Data Breach BRI0112623
Entity Name: British Airways
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Incident : Data Breach BRI0112623
Entity Name: BBC
Entity Type: Company
Industry: Media
Location: United Kingdom
Incident : Data Breach BRI557072525
Entity Name: British Airways Plc
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Incident : Data Breach BRI452080425
Entity Name: British Airways PLC
Entity Type: Company
Industry: Aviation
Customers Affected: 1588
Incident : Data Breach BRI0532305101325
Entity Name: Polyfill.io
Entity Type: Third-Party Service Provider
Industry: Web Development Tools
Location: Global
Size: 500,000+ websites impacted
Incident : Data Breach BRI0532305101325
Entity Name: Cisco
Entity Type: Corporation
Industry: Technology/Networking
Location: Global
Size: Large Enterprise
Incident : Data Breach BRI0532305101325
Entity Name: British Airways
Entity Type: Airline
Industry: Travel
Location: United Kingdom
Size: Large Enterprise
Customers Affected: 380,000
Incident : Data Breach BRI0532305101325
Entity Name: Ticketmaster
Entity Type: Ticketing Platform
Industry: Entertainment
Location: Global
Size: Large Enterprise
Incident : Data Breach BRI0532305101325
Entity Name: Shrwaa.com
Entity Type: E-commerce
Industry: Retail
Location: Kuwait
Size: Small/Medium Business
Incident : Data Breach BRI0532305101325
Entity Name: Unspecified E-commerce Sites (Grelos skimmer targets)
Entity Type: E-commerce
Industry: Retail
Location: Global
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach BRI45811122
Communication Strategy: Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider.
Incident : Data Breach BRI0532305101325
Containment Measures: Recommended: Deploy Content Security Policy (CSP) in report-only modeRecommended: Implement Subresource Integrity (SRI) for third-party scriptsRecommended: Isolate and remove malicious scriptsRecommended: Disable compromised third-party integrations
Remediation Measures: Recommended: Conduct comprehensive script auditsRecommended: Deploy client-side monitoring tools (e.g., RASP, Web Exposure Management)Recommended: Enforce nonces for inline scripts instead of 'unsafe-inline'Recommended: Update PCI DSS 4.0.1 controls for client-side risks
Recovery Measures: Recommended: Develop client-side incident playbooksRecommended: Implement automated script inventory toolsRecommended: Enhance customer communication templates for breaches
Adaptive Behavioral WAF: Recommended: Supplement traditional WAFs with client-side protection
Enhanced Monitoring: Recommended: Real-time JavaScript execution monitoring
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BRI45811122
Type of Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Number of Records Exposed: 380000
Sensitivity of Data: High
Data Encryption: Unbroken
Personally Identifiable Information: NamesStreet and email addresses
Incident : Data Exposure BRI0563423
Type of Data Compromised: Email address, Telephone numbers, Ba membership numbers, First and last name, Booking reference, Itinerary, Flight number, Flight times, Seat number
Personally Identifiable Information: email addresstelephone numbersBA membership numbersfirst and last name
Incident : Data Breach BRI0112623
Type of Data Compromised: Personal information
Incident : Data Breach BRI452080425
Type of Data Compromised: Payment card information, Personal information
Number of Records Exposed: 1588
Incident : Data Breach BRI0532305101325
Type of Data Compromised: Payment card data (card numbers, cvv, expiry dates), Authentication tokens, Session cookies, Pii from checkout forms (names, addresses, emails)
Number of Records Exposed: 380,000 (British Airways breach), 500,000+ websites (Polyfill.io supply chain), Unspecified (Cisco Magecart, Shrwaa.com, Grelos skimmer)
Sensitivity of Data: High (financial and personal data)
Data Exfiltration: Yes (to attacker-controlled servers via encrypted HTTPS)
Data Encryption: No (data stolen in plaintext from checkout forms)
Personally Identifiable Information: Yes (names, addresses, emails, payment details)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Recommended: Conduct comprehensive script audits, Recommended: Deploy client-side monitoring tools (e.g., RASP, Web Exposure Management), Recommended: Enforce nonces for inline scripts instead of 'unsafe-inline', Recommended: Update PCI DSS 4.0.1 controls for client-side risks, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by recommended: deploy content security policy (csp) in report-only mode, recommended: implement subresource integrity (sri) for third-party scripts, recommended: isolate and remove malicious scripts, recommended: disable compromised third-party integrations and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Recommended: Develop client-side incident playbooks, Recommended: Implement automated script inventory tools, Recommended: Enhance customer communication templates for breaches, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach BRI0532305101325
Regulations Violated: PCI DSS 4.0.1 (client-side data protection requirements), Potential GDPR violations (for EU customer data),
Regulatory Notifications: Recommended: Mandatory disclosure under GDPR/PCI DSS for affected entities
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach BRI0532305101325
Lessons Learned: Client-side attacks bypass traditional WAFs/IDS, requiring specialized monitoring., Third-party scripts introduce significant supply chain risk, especially during high-traffic periods., Encrypted traffic (HTTPS) obscures data exfiltration from client-side attacks., Development freezes during holidays delay patching, exacerbating vulnerabilities., Shadow scripts and dynamic code behavior evade static analysis tools., Compliance frameworks (e.g., PCI DSS 4.0.1) now emphasize client-side risks but lack prescriptive guidance.
What recommendations were made to prevent future incidents ?
Incident : Data Breach BRI0532305101325
Recommendations: Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs..
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Client-side attacks bypass traditional WAFs/IDS, requiring specialized monitoring.,Third-party scripts introduce significant supply chain risk, especially during high-traffic periods.,Encrypted traffic (HTTPS) obscures data exfiltration from client-side attacks.,Development freezes during holidays delay patching, exacerbating vulnerabilities.,Shadow scripts and dynamic code behavior evade static analysis tools.,Compliance frameworks (e.g., PCI DSS 4.0.1) now emphasize client-side risks but lack prescriptive guidance.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Category: Incident Response, , Category: Compliance, , Category: Organizational, , Category: Detection & Monitoring, , Category: Preventive Measures and .
References
Where can I find more information about each incident ?
Incident : Data Breach BRI557072525
Source: California Office of the Attorney General
Date Accessed: 2018-11-21
Incident : Data Breach BRI452080425
Source: Washington State Office of the Attorney General
Date Accessed: 2018-11-21
Incident : Data Breach BRI0532305101325
Source: Cloudflare Holiday Season Traffic Report 2024
Incident : Data Breach BRI0532305101325
Source: British Airways Breach Post-Mortem (2018)
Incident : Data Breach BRI0532305101325
Source: Ticketmaster Customer Support Chat Breach Analysis (2019)
Incident : Data Breach BRI0532305101325
Source: Polyfill.io Supply Chain Attack Report (2024)
Incident : Data Breach BRI0532305101325
Source: Cisco Magecart Incident Disclosure (September 2024)
Incident : Data Breach BRI0532305101325
Source: PCI DSS 4.0.1 Client-Side Security Guidelines
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2018-11-21, and Source: Washington State Office of the Attorney GeneralDate Accessed: 2018-11-21, and Source: Cloudflare Holiday Season Traffic Report 2024, and Source: British Airways Breach Post-Mortem (2018), and Source: Ticketmaster Customer Support Chat Breach Analysis (2019), and Source: Polyfill.io Supply Chain Attack Report (2024), and Source: Cisco Magecart Incident Disclosure (September 2024), and Source: PCI DSS 4.0.1 Client-Side Security Guidelines.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach BRI0532305101325
Investigation Status: Ongoing (industry-wide analysis of 2024 holiday season attacks)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach BRI45811122
Customer Advisories: Advised customers to contact their bank or credit card provider and follow their recommended advice.
Incident : Data Breach BRI0532305101325
Stakeholder Advisories: E-Commerce Platforms: Audit Third-Party Scripts Before Holiday Season., Payment Processors: Monitor For Fraud Spikes Linked To Client-Side Skimming., Regulators: Clarify Client-Side Protection Expectations In Pci Dss/Gdpr., Security Vendors: Develop Integrated Server-Side + Client-Side Monitoring Solutions..
Customer Advisories: Monitor payment card statements for unauthorized transactions.Use virtual cards or payment tokens for online holiday shopping.Report suspicious checkout behavior (e.g., unexpected redirects, additional form fields).Check browser extensions for malicious script injection risks.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Advised customers to contact their bank or credit card provider and follow their recommended advice., E-Commerce Platforms: Audit Third-Party Scripts Before Holiday Season., Payment Processors: Monitor For Fraud Spikes Linked To Client-Side Skimming., Regulators: Clarify Client-Side Protection Expectations In Pci Dss/Gdpr., Security Vendors: Develop Integrated Server-Side + Client-Side Monitoring Solutions., Monitor Payment Card Statements For Unauthorized Transactions., Use Virtual Cards Or Payment Tokens For Online Holiday Shopping., Report Suspicious Checkout Behavior (E.G., Unexpected Redirects, Additional Form Fields)., Check Browser Extensions For Malicious Script Injection Risks. and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach BRI45811122
Entry Point: Gateway between the airline and a payment processor
Incident : Data Breach BRI0532305101325
Entry Point: Compromised Third-Party Scripts (E.G., Polyfill.Io, Chat Widgets), Shadow Scripts Dynamically Loaded Without Approval, Vendor Supply Chain Vulnerabilities (E.G., Customer Support Tools),
Reconnaissance Period: Varies (e.g., Polyfill.io attack began in February 2024, detected during holidays)
Backdoors Established: Yes (persistent malicious JavaScript on infected sites)
High Value Targets: E-Commerce Checkout Pages, Payment Processing Forms, Authentication Token Storage (Cookies/Localstorage),
Data Sold on Dark Web: E-Commerce Checkout Pages, Payment Processing Forms, Authentication Token Storage (Cookies/Localstorage),
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach BRI0532305101325
Root Causes: Over-Reliance On Server-Side Security Controls (Wafs/Ids) For Client-Side Threats., Lack Of Visibility Into Third-Party Script Behavior And Dependencies., Absence Of Runtime Monitoring For Javascript Execution In Browsers., Insufficient Enforcement Of Csp/Sri Despite Availability Of Standards., Development Freezes Preventing Timely Patching During Peak Seasons., Compliance Frameworks Lagging Behind Client-Side Attack Evolution.,
Corrective Actions: Mandate Csp/Sri Implementation For All Web Properties., Integrate Client-Side Monitoring Into Soc Operations., Establish Third-Party Script Governance Programs With Risk Tiering., Automate Script Inventory And Change Detection., Update Incident Response Plans To Include Client-Side Breach Scenarios., Advocate For Clearer Regulatory Guidance On Client-Side Protections.,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Recommended: Real-time JavaScript execution monitoring.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Mandate Csp/Sri Implementation For All Web Properties., Integrate Client-Side Monitoring Into Soc Operations., Establish Third-Party Script Governance Programs With Risk Tiering., Automate Script Inventory And Change Detection., Update Incident Response Plans To Include Client-Side Breach Scenarios., Advocate For Clearer Regulatory Guidance On Client-Side Protections., .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2018-11-21.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-09-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses, , email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number, , Personal Information of Employees, , Payment card information, Personal information, , Payment card details (e.g., 380,000 records in British Airways breach), Authentication tokens, Session cookies, Personally Identifiable Information (PII) from checkout forms and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident were WebsiteMobile App and E-commerce platforms (e.g., Cisco merchandise store, Shrwaa.com)Third-party scripts (Polyfill.io, chat widgets, analytics tools)User browsers (client-side execution environment).
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Recommended: Deploy Content Security Policy (CSP) in report-only modeRecommended: Implement Subresource Integrity (SRI) for third-party scriptsRecommended: Isolate and remove malicious scriptsRecommended: Disable compromised third-party integrations.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Payment card information, Payment card details (e.g., 380,000 records in British Airways breach), Personal Information of Employees, Street and email addresses, flight number, Personal information, Expiry dates, BA membership numbers, Session cookies, itinerary, Security codes, Authentication tokens, email address, booking reference, Personally Identifiable Information (PII) from checkout forms, Names, seat number, first and last name, Credit card numbers, flight times and telephone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 880.5K.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Compliance frameworks (e.g., PCI DSS 4.0.1) now emphasize client-side risks but lack prescriptive guidance.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Category: Incident Response, , Category: Compliance, , Category: Organizational, , Category: Detection & Monitoring, , Category: Preventive Measures and .
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are PCI DSS 4.0.1 Client-Side Security Guidelines, Polyfill.io Supply Chain Attack Report (2024), Ticketmaster Customer Support Chat Breach Analysis (2019), Cloudflare Holiday Season Traffic Report 2024, California Office of the Attorney General, British Airways Breach Post-Mortem (2018), Cisco Magecart Incident Disclosure (September 2024) and Washington State Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (industry-wide analysis of 2024 holiday season attacks).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was E-commerce platforms: Audit third-party scripts before holiday season., Payment processors: Monitor for fraud spikes linked to client-side skimming., Regulators: Clarify client-side protection expectations in PCI DSS/GDPR., Security vendors: Develop integrated server-side + client-side monitoring solutions., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Advised customers to contact their bank or credit card provider and follow their recommended advice., Monitor payment card statements for unauthorized transactions.Use virtual cards or payment tokens for online holiday shopping.Report suspicious checkout behavior (e.g., unexpected redirects and additional form fields).Check browser extensions for malicious script injection risks.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Gateway between the airline and a payment processor.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Varies (e.g., Polyfill.io attack began in February 2024, detected during holidays).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=international-airlines-group-iag-' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
