BA
Between 21st August and 5th September 2018, about 380,000 payment cards were compromised after a theft of data from the BA. The share price fell nearly 3% within hours of the theft being reported. Experts believe that as customers typed in their credit card details to purchase tickets a piece of malicious code on the BA website was secretly extracting these details and sending them to someone else. This is an increasing problem for websites that embed code from third-party suppliers – it is known as a supply chain attack. Third parties may supply code to run payment authorisation, present ads or allow users to log into external services, for example. Under the new European General Data Protection Requirement (GDPR), organizations have 72 hours to gather all related information and report any data breaches to the relevant regulator. The maximum fine under the new legislation is up to a maximum of 4% of total turnover.
Cathay Pacific
Shares in Cathay Pacific fell more than 6 per cent to a 9 year low on Thursday 25th October 2018 after the airline reported that it had suffered a major data leak affecting the information of up to 9.4m passengers. Pacific Cathay said it had detected “suspicious activity” on its IT systems in March and had confirmed unauthorised access to passengers’ personal information – which included passport numbers, dates of birth and credit card details – in May. The airline spokesman has admitted that it has taken seven months to notify people so as to “have accurate information to share.”