Cyber Incident Victim: British Airways
Date:
Mar 2015
Location:
United Kingdom
Summary
British Airways experienced unauthorized access to tens of thousands of frequent-flyer accounts through an automated program exploiting third-party information, though no personal data, payment details, or travel histories were compromised. The airline promptly froze affected accounts to prevent further access, apologized for the inconvenience, and assured customers of ongoing efforts to resolve the issue and restore system functionality. While the attack's origin remained unidentified, the incident was attributed to automated scanning for security vulnerabilities rather than direct breaches of the company's internal systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In March 2015, British Airways disclosed unauthorised access to tens of thousands of its Executive Club frequent-flyer accounts. The airline identified the breach as the result of an automated computer program systematically probing its online security systems for vulnerabilities. Attackers leveraged information obtained from external internet sources to attempt credential-based access, though BA confirmed no successful extraction of personal data occurred. The compromised accounts were immediately frozen to prevent further access, temporarily restricting affected customers from redeeming loyalty points. British Airways emphasised that critical information pages—including travel histories, payment card details, names, addresses, and bank information—remained unaccessed throughout the incident.
The airline characterised the breach as impacting only a small fraction of its millions of loyalty program members. A spokesperson attributed the attack to third parties employing automated techniques rather than a direct compromise of BA’s internal systems. Response measures included account lockdowns, security reinforcements, and direct communication with impacted customers. British Airways apologised for the inconvenience and anticipated restoring full account functionality within approximately 24 hours. No evidence suggested threat actors progressed beyond initial account access or targeted additional data repositories. The incident remained under investigation, with no attribution to specific threat actors or groups disclosed publicly.