On September 7, 2018, British Airways disclosed that a data breach had impacted customer information taken from approximately 380,000 booking transactions conducted between August 21 and September 5, 2018.
Although the attack wasn’t elaborate, it was effective. A cyber attacker installed malware on British Airways’ website using a known security vulnerability to introduce malicious code that altered the behavior of the booking website—without penetrating the network or servers in a way that could trigger additional alerts.