A Noticeable Trend in Airline Cybersecurity Breaches, from Delta Airlines to British Airways

April 17, 2019



BY Konstantine Zuckerman

  • Delta Airlines and British Airways both had concrete “weak links” that gave hackers access to hundreds of thousands of customers’ personal data
  • Hackers are consistently outsmarting cybersecurity technology, and businesses critically need to become more aware of and compliant with cybersecurity laws, regulations, and safety strategies
  • One hacker told the FBI he gained full access to airplane controls while in-flight
  • Data breaches will cost Delta Airlines and British Airways more than tens of millions of dollars to remedy

Recent data breaches and attacks on large businesses show no signs of slowing down. From Delta Airlines to British Airways, hackers are proving that no matter how much focus companies put on cybersecurity, there is almost always a weak link. Hackers steal customer data in the hundreds of thousands — including credit card numbers, names, addresses, and CVVs (the 3-4 digit number on the back of your credit card).

The Hacking Trends To Be Aware Of
In its official statement, Delta acknowledged that its customers’ data was compromised during the period of September 26th through October 12th, 2017. The breach occurred due to a ransomware attack that utilized a third-party online chat app called [24]7.ai which captured customers’ data from Delta’s website. [24]7.ai was the weak link here — used as an entry point into Delta’s infrastructure.

As per Delta’s official statement: “We understand malware present in [24]7.ai’s software between Sept. 26 and Oct. 12, 2017, made unauthorized access possible for the following fields of information when manually completing a payment card purchase on any page of the delta.com desktop platform during the same timeframe: name, address, payment card number, CVV number, and expiration date. No other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.”

Some publications say the incident exposed over 100,000 customers, because [24]7.ai also services other customers outside of Delta, many of whom were also exposed. The list of [24]7.ai clients includes Sears, Kmart, and Best Buy, who were also affected by the same attack.

Now, let’s take a closer look at what happened to 380,000 British Airways customers whose data was exposed during the period of August 21st through September 5th, 2018. In an official statement on its website on September 13th, 2018, British Airways provided the following update: “We are investigating, as a matter of urgency, the theft of customer data between 22:58 BST August 21 2018 until 21:45 BST September 5 2018 from our website, ba.com, and our mobile app.”

While no final results have been published yet, one group investigating the incident, called RiskIQ, pointed out that this incident occurred due to a ransomware attack that also captured customers’ payment and personal information. In this incident, the hackers actually injected a script into British Airways’ website that was specifically designed to steal customers’ data. The report links this attack to a hacker group named Magecart, which specializes in stealing credit card information and other valuable personal data by breaching the websites of large businesses.

While hackers have yet to take over full control of commercial airplanes for malicious reasons, one person has claimed to be responsible for something almost as severe. Chris Roberts told the FBI he’s hacked into airplanes’ systems by connecting his laptop to the planes’ entertainment systems. Chris told the FBI he has done it up to 20 times and was fully controlling the planes. He also claimed that he overwrote code to issue a “CLB,” or climb, command while on the plane.

Inside the Delta Breach

The Delta Airlines cybersecurity breach occurred due to a weak link in the company’s infrastructure. These types of cyber attacks — where hackers take over the infrastructure of a smaller company to obtain access to the infrastructure of a larger entity that is sharing its data with the smaller third party — have been popular amongst the Fortune businesses in recent years. At the end of the day, hackers know it is easier to breach smaller businesses as they are more vulnerable and less protected than larger entities. You might think of this approach as a “back door” entrance. To avoid these types of attacks, Delta Airlines must make its third party vendor risk management assessment process more rigorous, thus requiring more security, transparency, accessibility, and better control over customer data that is shared with all third parties who have access to any aspects of Delta’s infrastructure.

Inside the British Airways Breach

The British Airways cybersecurity breach did not use a third party, but was a well-planned, sophisticated attack that targeted users by utilizing old infrastructure of the baggage claim information page on the British Airways website. This information was then used to write a script to compromise JavaScript on the website, whose purpose was to continue capturing customers’ data — names, email addresses, credit card numbers, CVV numbers. All of this information was transferred directly to the hacker group. That old webpage with the baggage claim information was the weak link — and thus gave easy access to the hackers, according to a report by RiskIQ.

In this case, British Airways must focus its cybersecurity efforts on threat assessment of all consumer-facing technologies, including bug-bounty programs, to identify vulnerabilities in its infrastructure, specifically its website and mobile app, before these vulnerabilities are used again by another hacker group.
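
As an added example (not from the original article or from either airline), the sketch below audits a payment page for the two weak links described above: a third-party script such as a chat widget loaded without a Subresource Integrity attribute, and a first-party JavaScript file whose served content no longer matches an approved baseline. The hosts, file contents, and function names are constructed assumptions.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_sha384(body: bytes) -> str:
    """Subresource Integrity value for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script src=...> tag on a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)

def audit_page(html, first_party_host, baseline, fetched):
    """baseline: src -> approved SRI hash; fetched: src -> bytes served now."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        src = s["src"]
        host = urlparse(src).hostname  # None for relative (first-party) paths
        third_party = host is not None and host != first_party_host
        if third_party and not s.get("integrity"):
            findings.append((src, "third-party script without integrity attribute"))
        if src not in baseline:
            findings.append((src, "script not in approved inventory"))
        elif src in fetched and sri_sha384(fetched[src]) != baseline[src]:
            findings.append((src, "content differs from approved baseline"))
    return findings

# Constructed sample data (hypothetical hosts and file contents).
APPROVED_LIB = b"function formatCard(n){return n.replace(/\\s/g,'');}"
SERVED_LIB = APPROVED_LIB + b"\n/* appended code that was never reviewed */"
PAGE = """<html><body><form id="payment"></form>
<script src="/js/lib.js"></script>
<script src="https://chat.vendor.example/widget.js"></script>
</body></html>"""
BASELINE = {"/js/lib.js": sri_sha384(APPROVED_LIB)}
FETCHED = {"/js/lib.js": SERVED_LIB}

if __name__ == "__main__":
    for src, finding in audit_page(PAGE, "shop.example", BASELINE, FETCHED):
        print(f"{src}: {finding}")
```

Where a vendor script changes too often to pin with an integrity attribute, the inventory finding still shows which third parties can read the payment form.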

The Bottom Line
Most likely, both of these breaches will cost these airline companies more than tens of millions of dollars, especially considering the long-term effects of reputational damage. It is clear that hackers are far more advanced than existing technology. Hackers will stay ahead of the curve for as far as we can see. It has proved too difficult for companies and infrastructure to outsmart the human brain. Our society uses many interconnecting networks and devices, all of which are vulnerable, and there will always be “the bad guys” who take advantage of this.
