British Airways
Company Details
Linkedin ID:
british-airways
Website:
Employees number:
31,334
Number of followers:
1,055,209
NAICS:
481
Industry Type:
Homepage:
http://www.ba.com
IP Addresses:
0
Company ID:
BRI_2282734
Scan Status:
In-progress
British Airways Company CyberSecurity Posture
http://www.ba.com
As a global airline and the UK’s flag carrier, British Airways has been flying its customers to where they need to be for more than 100 years. The airline connects Britain with the world and the world with Britain, operating one of the most extensive international scheduled airline route networks together with its joint business, codeshare and franchise partners. Together with its affiliates, British Airways operates to around 200 destinations in over 75 countries throughout Europe, North America, South America, Asia, Africa and Australia. In September 2021, British Airways launched its sustainability programme, BA Better World, committing to put sustainability at the heart of everything it does and with a clear roadmap to achieve net zero carbon emissions by 2050. Unfortunately, we're unable to answer any specific customer service queries here. If you need to contact someone about our service or need immediate assistance, please DM us directly on Instagram, Facebook or X.
British Airways A.I CyberSecurity Scoring
British Airways Risk Score (AI oriented)Between 700 and 749
British Airways
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
British Airways Global Score (TPRM)XXXX
British Airways
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
British Airways Company CyberSecurity News & History
Past Incidents
6
Attack Types
3
British Airways Plc
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The California Office of the Attorney General reported a data breach involving British Airways Plc on November 21, 2018. The breach dates include October 21, 2018, September 5, 2018, April 21, 2018, and July 28, 2018. The breach involved the compromise of personal and financial information of customers, which could have significant consequences for the company and its customers.
British Airways
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis. According to reports, British Airways was one among the companies damaged by a cyber security attack against MOVEit's target, the UK-based payroll provider Zellis.
British Airways Plc
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Washington State Office of the Attorney General reported a data breach involving British Airways PLC on November 21, 2018. The breach, which occurred from August 21, 2018 to September 5, 2018, was due to a cyberattack involving malware, potentially exposing the payment card and personal information of approximately 1,588 Washington residents.
British Airways
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In 2018, British Airways suffered a **Magecart (e-skimming) attack** where attackers injected malicious JavaScript into its payment checkout page, exploiting a third-party script vulnerability. The breach went undetected for **two weeks**, during which **380,000 customers' payment card details** (including names, addresses, credit card numbers, CVV codes, and expiry dates) were harvested directly from the browser environment. The attack bypassed traditional security measures like WAFs and intrusion detection systems by operating entirely client-side, leveraging encrypted HTTPS traffic to exfiltrate data to attacker-controlled servers. The incident resulted in **regulatory fines (£20M by ICO)**, reputational damage, and a **class-action lawsuit** from affected customers. The breach highlighted critical gaps in monitoring dynamic client-side code and third-party script dependencies, which remained unaddressed despite robust server-side defenses. The financial and operational fallout extended beyond immediate fraud losses, impacting customer trust during peak travel seasons.
British Airways
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app. It immediately contacted customers when the extent of the breach became clear. Around 380,000 card payments were compromised. Hackers obtained names, street and email addresses, credit card numbers, expiry dates and security codes. The attack came 15 months after the carrier suffered a massive computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend. The attackers had not broken the airline's encryption but did not explain exactly how they had obtained the customer information. The attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen. BA advised customers to contact their bank or credit card provider and follow their recommended advice.
British Airways
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: British Airways found a security bug which has the potential to expose passengers’ data, including their flight booking details and personal information. It was an attack that could expose victims’ booking reference numbers, phone numbers, email addresses and more. It was found that bad actors could either view the victim’s personal data, or manipulate their booking information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number.
British Airways Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for British Airways
Incidents vs Airlines and Aviation Industry Average (This Year)
No incidents recorded for British Airways in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for British Airways in 2025.
Incident Types British Airways vs Airlines and Aviation Industry Avg (This Year)
No incidents recorded for British Airways in 2025.
Incident History — British Airways (X = Date, Y = Severity)
British Airways cyber incidents detection timeline including parent company and subsidiaries
British Airways Company Subsidiaries
As a global airline and the UK’s flag carrier, British Airways has been flying its customers to where they need to be for more than 100 years. The airline connects Britain with the world and the world with Britain, operating one of the most extensive international scheduled airline route networks together with its joint business, codeshare and franchise partners. Together with its affiliates, British Airways operates to around 200 destinations in over 75 countries throughout Europe, North America, South America, Asia, Africa and Australia. In September 2021, British Airways launched its sustainability programme, BA Better World, committing to put sustainability at the heart of everything it does and with a clear roadmap to achieve net zero carbon emissions by 2050. Unfortunately, we're unable to answer any specific customer service queries here. If you need to contact someone about our service or need immediate assistance, please DM us directly on Instagram, Facebook or X.
Loading...
British Airways Similar Companies
JetBlue
When JetBlue first took flight in February 2000, our founding goal was to bring humanity back to air travel, and over two decades later, we still put our customers, crewmembers and communities at the center of everything we do. Before we even had aircraft to fly, our founders selected five values
SAUDI AIRLINES
At Saudia Group, we're on a mission to inspire people to go beyond borders. Our purpose is rooted in unlocking human potential and connecting the world in ways never thought possible. We are committed to reshaping the aviation ecosystem in our region and beyond, by embracing innovation and a custome
At Southwest®, everything we do—from our smiling People to our policies—is designed to let you go with Heart. No matter what comes up in your travels, we’ve got your back. Because while any airline can fly you, only Southwest lets you go with Heart. Application fees don’t fly. The only way to apply
China Eastern Airlines, North America
As one of the three major air carriers in China, headquartered in Shanghai, China Eastern Airlines operates 111 domestic and overseas branches across the globe. Flying a fleet of 730 aircraft which is one of the youngest fleets in major airlines worldwide. Moreover, it boasts the largest-scale in-fl
Canada's largest airline, the country’s flag carrier and a founding member of Star Alliance, the world's most comprehensive air transportation network celebrating its 25thanniversary in 2022, Air Canada provides scheduled passenger service directly to 51 airports in Canada, 51 in the United States a
KLM Royal Dutch Airlines
Welcome to our LinkedIn page! To learn how we can assist you, please check: http://klmf.ly/ContactCentre. KLM was founded in 1919 and is the oldest airline in the world. With a vast network of European and intercontinental destinations, KLM can offer direct flights to major cities and economic cen
Lufthansa is one of the world’s leading airlines, connecting passengers to over 200 destinations across 74 countries from our hubs in Frankfurt and Munich. As an industry pioneer, we are committed to shaping the future of sustainable aviation, investing in next-generation aircraft, cutting-edge tec
Qatar Airways
Qatar Airways is the national airline of the State of Qatar. Based in Doha, the Airline’s trendsetting on-board product focuses on: comfort, fine cuisine, the latest in-flight audio & video entertainment, award-winning service and one of the youngest and most advanced aircraft fleet in the sky. Awa
How time flies. #18YearsOfIndiGo IndiGo is India’s largest passenger airline. We primarily operate in India’s domestic air travel market as a low-cost carrier with focus on our three pillars – offering low fares, being on-time and delivering a courteous and hassle-free experience. IndiGo has become
.png)
British Airways CyberSecurity News
September 25, 2025 07:00 AM
British Police Arrest Man Linked to European Airport Cyber Attack
Heathrow Airport (LHR) reported initial delays affecting hundreds of flights, but British Airways (BA) activated backup systems to minimize...
September 22, 2025 07:00 AM
Flights across Europe delayed after cyberattack targets third-party vendor
A suspected ransomware attack targeting a U.S. company that provides check-in technology has led to widespread flight disruptions since...
September 22, 2025 07:00 AM
EU cyber agency says airport software held to ransom by criminals
The EU's cyber security agency says criminals are using ransomware to cause chaos in airports around the world.
September 22, 2025 07:00 AM
Cyber attacks are now coming for your holiday
Following a weekend of disruption at several major European airports, cyber security experts say this is only the beginning.
September 21, 2025 07:00 AM
Cyberattack Disrupts Check-In at Major European Airports
Cyberattack disrupts check-in systems at european airports such as Heathrow, Brussels, and Berlin, exposing cybersecurity vulnerabilities.
September 21, 2025 07:00 AM
Cyber Attack Cripples European Airports Amid Rising Aviation Threats
A sophisticated cyber attack on Collins Aerospace disrupted operations at major European airports on Friday night, affecting check-in and...
September 20, 2025 07:00 AM
Cyberattack hits check-in systems at some of Europe’s busiest airports
Heathrow, Brussels and Berlin airports among major European hubs confirming disruptions as a result of the attack.
September 20, 2025 07:00 AM
Heathrow cyber-attack: Day of delays after airport check-in system hit
Heathrow was among several European airports hit by delays on Saturday after a cyber-attack affecting an electronic check-in and baggage...
September 12, 2025 07:00 AM
Scattered Lapsus$ Hunters Hacker Group Announces Shutdown
Scattered Lapsus$ Hunters, linked to the Jaguar Land Rover cyberattack, claims to shut down as experts suggest the group is fracturing under...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
British Airways CyberSecurity History Information
Official Website of British Airways
The official website of British Airways is http://www.ba.com.
British Airways’s AI-Generated Cybersecurity Score
According to Rankiteo, British Airways’s AI-generated cybersecurity score is 744, reflecting their Moderate security posture.
How many security badges does British Airways’ have ?
According to Rankiteo, British Airways currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does British Airways have SOC 2 Type 1 certification ?
According to Rankiteo, British Airways is not certified under SOC 2 Type 1.
Does British Airways have SOC 2 Type 2 certification ?
According to Rankiteo, British Airways does not hold a SOC 2 Type 2 certification.
Does British Airways comply with GDPR ?
According to Rankiteo, British Airways is not listed as GDPR compliant.
Does British Airways have PCI DSS certification ?
According to Rankiteo, British Airways does not currently maintain PCI DSS compliance.
Does British Airways comply with HIPAA ?
According to Rankiteo, British Airways is not compliant with HIPAA regulations.
Does British Airways have ISO 27001 certification ?
According to Rankiteo,British Airways is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of British Airways
British Airways operates primarily in the Airlines and Aviation industry.
Number of Employees at British Airways
British Airways employs approximately 31,334 people worldwide.
Subsidiaries Owned by British Airways
British Airways presently has no subsidiaries across any sectors.
British Airways’s LinkedIn Followers
British Airways’s official LinkedIn profile has approximately 1,055,209 followers.
NAICS Classification of British Airways
British Airways is classified under the NAICS code 481, which corresponds to Air Transportation.
British Airways’s Presence on Crunchbase
No, British Airways does not have a profile on Crunchbase.
British Airways’s Presence on LinkedIn
Yes, British Airways maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/british-airways.
Cybersecurity Incidents Involving British Airways
As of December 11, 2025, Rankiteo reports that British Airways has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
British Airways has an estimated 3,515 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at British Airways ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Cyber Attack and Data Leak.
How does British Airways detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider., and containment measures with recommended: deploy content security policy (csp) in report-only mode, containment measures with recommended: implement subresource integrity (sri) for third-party scripts, containment measures with recommended: isolate and remove malicious scripts, containment measures with recommended: disable compromised third-party integrations, and remediation measures with recommended: conduct comprehensive script audits, remediation measures with recommended: deploy client-side monitoring tools (e.g., rasp, web exposure management), remediation measures with recommended: enforce nonces for inline scripts instead of 'unsafe-inline', remediation measures with recommended: update pci dss 4.0.1 controls for client-side risks, and recovery measures with recommended: develop client-side incident playbooks, recovery measures with recommended: implement automated script inventory tools, recovery measures with recommended: enhance customer communication templates for breaches, and adaptive behavioral waf with recommended: supplement traditional wafs with client-side protection, and enhanced monitoring with recommended: real-time javascript execution monitoring..
Incident Details
Can you provide details on each incident ?
Title: British Airways Data Breach
Description: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app.
Type: Data Breach
Attack Vector: WebsiteMobile App
Vulnerability Exploited: Gateway between the airline and a payment processor
Motivation: Financial Gain
Title: British Airways Data Exposure Incident
Description: British Airways found a security bug which has the potential to expose passengers’ data, including their flight booking details and personal information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number.
Type: Data Exposure
Attack Vector: View victim's personal dataManipulate booking information
Title: British Airways Data Breach via Zellis Payroll Service
Description: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis.
Type: Data Breach
Attack Vector: Cyberattack on payroll service provider
Title: British Airways Data Breach
Description: The California Office of the Attorney General reported a data breach involving British Airways Plc on November 21, 2018. The breach dates include October 21, 2018, September 5, 2018, April 21, 2018, and July 28, 2018.
Date Detected: 2018-11-21
Date Publicly Disclosed: 2018-11-21
Type: Data Breach
Title: British Airways Data Breach
Description: The Washington State Office of the Attorney General reported a data breach involving British Airways PLC on November 21, 2018. The breach, which occurred from August 21, 2018 to September 5, 2018, was due to a cyberattack involving malware, potentially exposing the payment card and personal information of approximately 1,588 Washington residents.
Date Detected: 2018-09-05
Date Publicly Disclosed: 2018-11-21
Type: Data Breach
Attack Vector: Malware
Title: 2024 Holiday Season Client-Side Attacks: Polyfill.io Breach and Cisco Magecart Incident
Description: The 2024 holiday season witnessed a surge in client-side attacks exploiting third-party JavaScript vulnerabilities, including the Polyfill.io supply chain breach (affecting 500,000+ websites) and the Cisco Magecart attack targeting holiday shoppers. These incidents highlighted critical visibility gaps in Web Application Firewalls (WAFs) and intrusion detection systems, which fail to monitor malicious JavaScript executing in users' browsers. Attackers leveraged encrypted traffic, dynamic script behavior, and shadow scripts to steal payment data undetected, with attacks increasing by 690% during peak shopping periods. Notable examples included the British Airways (2018) and Ticketmaster (2019) breaches, alongside 2024 incidents like the Kuwaiti e-commerce site Shrwaa.com and the Grelos skimmer variant deploying fake payment forms before Black Friday.
Date Publicly Disclosed: 2024-09-01
Type: Data Breach
Attack Vector: Compromised Third-Party JavaScript (Polyfill.io, chat widgets, analytics platforms)Shadow Scripts (unauthorized/dynamically loaded scripts)DOM Manipulation (fake payment forms)Session/Cookie HijackingEncrypted HTTPS Traffic ExfiltrationSupply Chain Compromise (vendor scripts)
Vulnerability Exploited: Lack of Content Security Policy (CSP) enforcementAbsence of Subresource Integrity (SRI) checksUnmonitored third-party script dependenciesInsufficient client-side runtime monitoringOver-reliance on server-side WAFs/IDS for client-side threatsPCI DSS 4.0.1 compliance gaps in client-side data protection
Motivation: Financial Gain (theft of payment card data during high-transaction holiday season)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Gateway between the airline and a payment processor, Compromised third-party scripts (e.g., Polyfill.io, chat widgets)Shadow scripts dynamically loaded without approvalVendor supply chain vulnerabilities (e.g. and customer support tools).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BRI45811122
Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Systems Affected: WebsiteMobile App
Payment Information Risk: High
Incident : Data Exposure BRI0563423
Data Compromised: Email address, Telephone numbers, Ba membership numbers, First and last name, Booking reference, Itinerary, Flight number, Flight times, Seat number
Incident : Data Breach BRI0112623
Data Compromised: Personal information of employees
Incident : Data Breach BRI452080425
Data Compromised: Payment card information, Personal information
Incident : Data Breach BRI0532305101325
Data Compromised: Payment card details (e.g., 380,000 records in british airways breach), Authentication tokens, Session cookies, Personally identifiable information (pii) from checkout forms
Systems Affected: E-commerce platforms (e.g., Cisco merchandise store, Shrwaa.com)Third-party scripts (Polyfill.io, chat widgets, analytics tools)User browsers (client-side execution environment)
Operational Impact: Disrupted holiday shopping operationsDevelopment freezes limiting patch deploymentIncreased SOC workload during peak season
Conversion Rate Impact: Potential drop due to fake payment forms and compromised checkout flows
Customer Complaints: Expected increase due to payment fraud and data theft
Brand Reputation Impact: High (eroded trust in e-commerce security during critical shopping period)
Legal Liabilities: Potential PCI DSS non-compliance finesRegulatory penalties for delayed breach disclosure
Identity Theft Risk: High (stolen payment data used for fraud)
Payment Information Risk: Critical (direct theft of card details from checkout pages)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credit Card Numbers, Expiry Dates, Security Codes, Names, Street And Email Addresses, , Email Address, Telephone Numbers, Ba Membership Numbers, First And Last Name, Booking Reference, Itinerary, Flight Number, Flight Times, Seat Number, , Personal Information, , Payment Card Information, Personal Information, , Payment Card Data (Card Numbers, Cvv, Expiry Dates), Authentication Tokens, Session Cookies, Pii From Checkout Forms (Names, Addresses, Emails) and .
Which entities were affected by each incident ?
Incident : Data Breach BRI45811122
Entity Name: British Airways
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Customers Affected: 380000
Incident : Data Exposure BRI0563423
Entity Name: British Airways
Entity Type: Company
Industry: Aviation
Incident : Data Breach BRI0112623
Entity Name: British Airways
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Incident : Data Breach BRI0112623
Entity Name: BBC
Entity Type: Company
Industry: Media
Location: United Kingdom
Incident : Data Breach BRI557072525
Entity Name: British Airways Plc
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Incident : Data Breach BRI452080425
Entity Name: British Airways PLC
Entity Type: Company
Industry: Aviation
Customers Affected: 1588
Incident : Data Breach BRI0532305101325
Entity Name: Polyfill.io
Entity Type: Third-Party Service Provider
Industry: Web Development Tools
Location: Global
Size: 500,000+ websites impacted
Incident : Data Breach BRI0532305101325
Entity Name: Cisco
Entity Type: Corporation
Industry: Technology/Networking
Location: Global
Size: Large Enterprise
Incident : Data Breach BRI0532305101325
Entity Name: British Airways
Entity Type: Airline
Industry: Travel
Location: United Kingdom
Size: Large Enterprise
Customers Affected: 380,000
Incident : Data Breach BRI0532305101325
Entity Name: Ticketmaster
Entity Type: Ticketing Platform
Industry: Entertainment
Location: Global
Size: Large Enterprise
Incident : Data Breach BRI0532305101325
Entity Name: Shrwaa.com
Entity Type: E-commerce
Industry: Retail
Location: Kuwait
Size: Small/Medium Business
Incident : Data Breach BRI0532305101325
Entity Name: Unspecified E-commerce Sites (Grelos skimmer targets)
Entity Type: E-commerce
Industry: Retail
Location: Global
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach BRI45811122
Communication Strategy: Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider.
Incident : Data Breach BRI0532305101325
Containment Measures: Recommended: Deploy Content Security Policy (CSP) in report-only modeRecommended: Implement Subresource Integrity (SRI) for third-party scriptsRecommended: Isolate and remove malicious scriptsRecommended: Disable compromised third-party integrations
Remediation Measures: Recommended: Conduct comprehensive script auditsRecommended: Deploy client-side monitoring tools (e.g., RASP, Web Exposure Management)Recommended: Enforce nonces for inline scripts instead of 'unsafe-inline'Recommended: Update PCI DSS 4.0.1 controls for client-side risks
Recovery Measures: Recommended: Develop client-side incident playbooksRecommended: Implement automated script inventory toolsRecommended: Enhance customer communication templates for breaches
Adaptive Behavioral WAF: Recommended: Supplement traditional WAFs with client-side protection
Enhanced Monitoring: Recommended: Real-time JavaScript execution monitoring
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BRI45811122
Type of Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Number of Records Exposed: 380000
Sensitivity of Data: High
Data Encryption: Unbroken
Personally Identifiable Information: NamesStreet and email addresses
Incident : Data Exposure BRI0563423
Type of Data Compromised: Email address, Telephone numbers, Ba membership numbers, First and last name, Booking reference, Itinerary, Flight number, Flight times, Seat number
Personally Identifiable Information: email addresstelephone numbersBA membership numbersfirst and last name
Incident : Data Breach BRI0112623
Type of Data Compromised: Personal information
Incident : Data Breach BRI452080425
Type of Data Compromised: Payment card information, Personal information
Number of Records Exposed: 1588
Incident : Data Breach BRI0532305101325
Type of Data Compromised: Payment card data (card numbers, cvv, expiry dates), Authentication tokens, Session cookies, Pii from checkout forms (names, addresses, emails)
Number of Records Exposed: 380,000 (British Airways breach), 500,000+ websites (Polyfill.io supply chain), Unspecified (Cisco Magecart, Shrwaa.com, Grelos skimmer)
Sensitivity of Data: High (financial and personal data)
Data Exfiltration: Yes (to attacker-controlled servers via encrypted HTTPS)
Data Encryption: No (data stolen in plaintext from checkout forms)
Personally Identifiable Information: Yes (names, addresses, emails, payment details)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Recommended: Conduct comprehensive script audits, Recommended: Deploy client-side monitoring tools (e.g., RASP, Web Exposure Management), Recommended: Enforce nonces for inline scripts instead of 'unsafe-inline', Recommended: Update PCI DSS 4.0.1 controls for client-side risks, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by recommended: deploy content security policy (csp) in report-only mode, recommended: implement subresource integrity (sri) for third-party scripts, recommended: isolate and remove malicious scripts, recommended: disable compromised third-party integrations and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Recommended: Develop client-side incident playbooks, Recommended: Implement automated script inventory tools, Recommended: Enhance customer communication templates for breaches, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach BRI0532305101325
Regulations Violated: PCI DSS 4.0.1 (client-side data protection requirements), Potential GDPR violations (for EU customer data),
Regulatory Notifications: Recommended: Mandatory disclosure under GDPR/PCI DSS for affected entities
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach BRI0532305101325
Lessons Learned: Client-side attacks bypass traditional WAFs/IDS, requiring specialized monitoring., Third-party scripts introduce significant supply chain risk, especially during high-traffic periods., Encrypted traffic (HTTPS) obscures data exfiltration from client-side attacks., Development freezes during holidays delay patching, exacerbating vulnerabilities., Shadow scripts and dynamic code behavior evade static analysis tools., Compliance frameworks (e.g., PCI DSS 4.0.1) now emphasize client-side risks but lack prescriptive guidance.
What recommendations were made to prevent future incidents ?
Incident : Data Breach BRI0532305101325
Recommendations: Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs., Category: Compliance, Actions: Align with PCI DSS 4.0.1 client-side requirements., Document client-side risk assessments for auditors., Implement logging for client-side events to meet regulatory evidence needs..
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Client-side attacks bypass traditional WAFs/IDS, requiring specialized monitoring.,Third-party scripts introduce significant supply chain risk, especially during high-traffic periods.,Encrypted traffic (HTTPS) obscures data exfiltration from client-side attacks.,Development freezes during holidays delay patching, exacerbating vulnerabilities.,Shadow scripts and dynamic code behavior evade static analysis tools.,Compliance frameworks (e.g., PCI DSS 4.0.1) now emphasize client-side risks but lack prescriptive guidance.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Category: Preventive Measures, , Category: Incident Response, , Category: Compliance, , Category: Organizational, , Category: Detection & Monitoring and .
References
Where can I find more information about each incident ?
Incident : Data Breach BRI557072525
Source: California Office of the Attorney General
Date Accessed: 2018-11-21
Incident : Data Breach BRI452080425
Source: Washington State Office of the Attorney General
Date Accessed: 2018-11-21
Incident : Data Breach BRI0532305101325
Source: Cloudflare Holiday Season Traffic Report 2024
Incident : Data Breach BRI0532305101325
Source: British Airways Breach Post-Mortem (2018)
Incident : Data Breach BRI0532305101325
Source: Ticketmaster Customer Support Chat Breach Analysis (2019)
Incident : Data Breach BRI0532305101325
Source: Polyfill.io Supply Chain Attack Report (2024)
Incident : Data Breach BRI0532305101325
Source: Cisco Magecart Incident Disclosure (September 2024)
Incident : Data Breach BRI0532305101325
Source: PCI DSS 4.0.1 Client-Side Security Guidelines
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2018-11-21, and Source: Washington State Office of the Attorney GeneralDate Accessed: 2018-11-21, and Source: Cloudflare Holiday Season Traffic Report 2024, and Source: British Airways Breach Post-Mortem (2018), and Source: Ticketmaster Customer Support Chat Breach Analysis (2019), and Source: Polyfill.io Supply Chain Attack Report (2024), and Source: Cisco Magecart Incident Disclosure (September 2024), and Source: PCI DSS 4.0.1 Client-Side Security Guidelines.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach BRI0532305101325
Investigation Status: Ongoing (industry-wide analysis of 2024 holiday season attacks)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach BRI45811122
Customer Advisories: Advised customers to contact their bank or credit card provider and follow their recommended advice.
Incident : Data Breach BRI0532305101325
Stakeholder Advisories: E-Commerce Platforms: Audit Third-Party Scripts Before Holiday Season., Payment Processors: Monitor For Fraud Spikes Linked To Client-Side Skimming., Regulators: Clarify Client-Side Protection Expectations In Pci Dss/Gdpr., Security Vendors: Develop Integrated Server-Side + Client-Side Monitoring Solutions..
Customer Advisories: Monitor payment card statements for unauthorized transactions.Use virtual cards or payment tokens for online holiday shopping.Report suspicious checkout behavior (e.g., unexpected redirects, additional form fields).Check browser extensions for malicious script injection risks.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Advised customers to contact their bank or credit card provider and follow their recommended advice., E-Commerce Platforms: Audit Third-Party Scripts Before Holiday Season., Payment Processors: Monitor For Fraud Spikes Linked To Client-Side Skimming., Regulators: Clarify Client-Side Protection Expectations In Pci Dss/Gdpr., Security Vendors: Develop Integrated Server-Side + Client-Side Monitoring Solutions., Monitor Payment Card Statements For Unauthorized Transactions., Use Virtual Cards Or Payment Tokens For Online Holiday Shopping., Report Suspicious Checkout Behavior (E.G., Unexpected Redirects, Additional Form Fields)., Check Browser Extensions For Malicious Script Injection Risks. and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach BRI45811122
Entry Point: Gateway between the airline and a payment processor
Incident : Data Breach BRI0532305101325
Entry Point: Compromised Third-Party Scripts (E.G., Polyfill.Io, Chat Widgets), Shadow Scripts Dynamically Loaded Without Approval, Vendor Supply Chain Vulnerabilities (E.G., Customer Support Tools),
Reconnaissance Period: Varies (e.g., Polyfill.io attack began in February 2024, detected during holidays)
Backdoors Established: Yes (persistent malicious JavaScript on infected sites)
High Value Targets: E-Commerce Checkout Pages, Payment Processing Forms, Authentication Token Storage (Cookies/Localstorage),
Data Sold on Dark Web: E-Commerce Checkout Pages, Payment Processing Forms, Authentication Token Storage (Cookies/Localstorage),
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach BRI0532305101325
Root Causes: Over-Reliance On Server-Side Security Controls (Wafs/Ids) For Client-Side Threats., Lack Of Visibility Into Third-Party Script Behavior And Dependencies., Absence Of Runtime Monitoring For Javascript Execution In Browsers., Insufficient Enforcement Of Csp/Sri Despite Availability Of Standards., Development Freezes Preventing Timely Patching During Peak Seasons., Compliance Frameworks Lagging Behind Client-Side Attack Evolution.,
Corrective Actions: Mandate Csp/Sri Implementation For All Web Properties., Integrate Client-Side Monitoring Into Soc Operations., Establish Third-Party Script Governance Programs With Risk Tiering., Automate Script Inventory And Change Detection., Update Incident Response Plans To Include Client-Side Breach Scenarios., Advocate For Clearer Regulatory Guidance On Client-Side Protections.,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Recommended: Real-time JavaScript execution monitoring.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Mandate Csp/Sri Implementation For All Web Properties., Integrate Client-Side Monitoring Into Soc Operations., Establish Third-Party Script Governance Programs With Risk Tiering., Automate Script Inventory And Change Detection., Update Incident Response Plans To Include Client-Side Breach Scenarios., Advocate For Clearer Regulatory Guidance On Client-Side Protections., .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2018-11-21.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-09-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses, , email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number, , Personal Information of Employees, , Payment card information, Personal information, , Payment card details (e.g., 380,000 records in British Airways breach), Authentication tokens, Session cookies, Personally Identifiable Information (PII) from checkout forms and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident were WebsiteMobile App and E-commerce platforms (e.g., Cisco merchandise store, Shrwaa.com)Third-party scripts (Polyfill.io, chat widgets, analytics tools)User browsers (client-side execution environment).
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Recommended: Deploy Content Security Policy (CSP) in report-only modeRecommended: Implement Subresource Integrity (SRI) for third-party scriptsRecommended: Isolate and remove malicious scriptsRecommended: Disable compromised third-party integrations.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Security codes, Payment card details (e.g., 380,000 records in British Airways breach), Names, itinerary, BA membership numbers, Session cookies, telephone numbers, flight times, seat number, Personally Identifiable Information (PII) from checkout forms, Authentication tokens, Street and email addresses, Personal Information of Employees, Expiry dates, first and last name, Credit card numbers, Personal information, booking reference, Payment card information, flight number and email address.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 880.5K.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Compliance frameworks (e.g., PCI DSS 4.0.1) now emphasize client-side risks but lack prescriptive guidance.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Category: Preventive Measures, , Category: Incident Response, , Category: Compliance, , Category: Organizational, , Category: Detection & Monitoring and .
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are British Airways Breach Post-Mortem (2018), California Office of the Attorney General, Ticketmaster Customer Support Chat Breach Analysis (2019), Polyfill.io Supply Chain Attack Report (2024), Cloudflare Holiday Season Traffic Report 2024, PCI DSS 4.0.1 Client-Side Security Guidelines, Washington State Office of the Attorney General and Cisco Magecart Incident Disclosure (September 2024).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (industry-wide analysis of 2024 holiday season attacks).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was E-commerce platforms: Audit third-party scripts before holiday season., Payment processors: Monitor for fraud spikes linked to client-side skimming., Regulators: Clarify client-side protection expectations in PCI DSS/GDPR., Security vendors: Develop integrated server-side + client-side monitoring solutions., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Advised customers to contact their bank or credit card provider and follow their recommended advice., Monitor payment card statements for unauthorized transactions.Use virtual cards or payment tokens for online holiday shopping.Report suspicious checkout behavior (e.g., unexpected redirects and additional form fields).Check browser extensions for malicious script injection risks.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Gateway between the airline and a payment processor.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Varies (e.g., Polyfill.io attack began in February 2024, detected during holidays).
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=british-airways' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
