{"id":37709,"date":"2020-10-16T12:15:04","date_gmt":"2020-10-16T12:15:04","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/"},"modified":"2020-10-16T12:15:04","modified_gmt":"2020-10-16T12:15:04","slug":"british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/","title":{"rendered":"British Airways fined \u00a320m for Magecart hack that exposed 400k folks&#8217; credit card details to crooks"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2016\/08\/09\/credit_card_fraud_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>British Airways is to pay a \u00a320m data protection fine after its 2018 Magecart hack \u2013 even though the Information Commissioner\u2019s Office discovered the airline had been saving credit card details in plain text since 2015.<\/p>\n<p>The fine, announced this morning by the UK&#8217;s data watchdog, is almost exactly at the reduced \u00a319.8m level that BA parent company the International Airlines Group had <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/08\/05\/marriott_starwood_gdpr_fine_british_airways\/\" rel=\"noopener noreferrer\">expected back in August<\/a>.<\/p>\n<p>\u201cThe failures are especially serious in circumstances where it is unclear whether or when BA itself would ever have detected the breach,\u201d thundered the ICO today. It also condemned BA\u2019s claims during fine negotiations that credit card data breaches are \u201can entirely commonplace phenomenon\u201d and \u201can unavoidable fact of life\u201d.<\/p>\n<p>The airline&#8217;s spokesman told <i>The Register<\/i>: \u201cWe alerted customers as soon as we became aware of the criminal attack on our systems in 2018 and are sorry we fell short of our customers\u2019 expectations. We are pleased the ICO recognises that we have made considerable improvements to\u202fthe security of our systems since the attack and that we fully co-operated with its investigation.\u201d<\/p>\n<p>British Airways\u2019 internal payments systems were accessed by malicious people in June 2018, <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2018\/09\/06\/british_airways_hacked\/\" rel=\"noopener noreferrer\">as we reported at the time<\/a>. Some 380,000 people\u2019s credit and debit card details were stolen as a result.<\/p>\n<p>Alarmingly, the ICO\u2019s redacted fine notice published today (<a target=\"_blank\" href=\"https:\/\/ico.org.uk\/media\/action-weve-taken\/mpns\/2618421\/ba-penalty-20201016.pdf\" rel=\"noopener noreferrer\">PDF<\/a>) revealed not only that the airline was compromised through a Citrix vulnerability but that it had been saving card details without any encryption at all \u2013 a huge no-no.<\/p>\n<h3 class=\"crosshead\"> <span>No MFA and plain text domain admin creds<\/span><br \/>\n<\/h3>\n<p>The attackers began by compromising a BA network account issued to an employee of cargo-handling firm Swissport. That employee, based in Trinidad and Tobago, did not use multi-factor authentication (MFA) and the airline didn\u2019t require it. Although the ICO report was heavily redacted at this point, the attacker then entered a Citrix environment and was able to escape from it onto the wider BA network, having \u201csuccessfully copied a number of tools into the Citrix environment from outside the network.\u201d<\/p>\n<p>While carrying out network reconnaissance, the attackers hit the jackpot: the username and password for a Windows domain administrator account, \u201cstored in plain text, in a folder on the server\u201d.<\/p>\n<p>The miscreants also found a database admin username and password later in their spree.<\/p>\n<p>Although their next steps were redacted out of the report, the attackers eventually gained access to server logs that contained plaintext details of payment cards.<\/p>\n<p>The ICO said: \u201cThe logging and storing of these card details (including, in most cases, CVV numbers) was not an intended design feature of BA\u2019s systems\u2026 it was a testing feature that was only intended to operate when the systems were not live, but which was left activated when the systems went live.\u201d Those logs were stored for three months.<\/p>\n<p>From there, the attackers discovered source code for the BA website and <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2018\/09\/11\/british_airways_website_scripts\/\" rel=\"noopener noreferrer\">planted a card skimmer on the payments page used by the general public<\/a>. Infosec firm RiskIQ reckoned, back in 2018, that the hack was the work of the Magecart payments theft gang.<\/p>\n<p>Part of BA\u2019s mitigation included deploying Crowdstrike\u2019s Falcon tool across its systems.<\/p>\n<h3 class=\"crosshead\"> <span>Fine is 11 per cent of original penalty<\/span><br \/>\n<\/h3>\n<p>Information Commissioner Elizabeth Denham <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2019\/07\/08\/ico_threatens_ba_with_huge_fine_for_huge_data_loss\/\" rel=\"noopener noreferrer\">floated a \u00a3183m fine in July last year<\/a>, saying at the time: \u201cPeople&#8217;s personal data is just that \u2013 personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That\u2019s why the law is clear \u2013 when you are entrusted with personal data you must look after it. Those that don\u2019t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.\u201d<\/p>\n<p>As BA and IAG\u2019s lawyers made representations to get the fine reduced, the COVID-19 pandemic struck \u2013 and as the ICO stopped enforcing data protection laws in the early part of 2020, it <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/01\/13\/ico_british_airways_marriott_fines_delayed\/\" rel=\"noopener noreferrer\">started issuing<\/a> <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/04\/06\/ico_data_protection_fines_ba_marriott_hack_postponed\/\" rel=\"noopener noreferrer\">deadline extensions to BA<\/a>.<\/p>\n<p>The data watchdog said the fine had been reduced by \u00a34m to take BA\u2019s coronavirus financial situation into account, justifying this by pointing to IAG revenues in excess of \u00a312bn in FY2017 \u2013 long before the pandemic tore the heart and lungs out of the air travel industry. COVID-19 and resulting government prohibitions have <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/07\/17\/british_airways_747_axed\/\" rel=\"noopener noreferrer\">forced the premature retirement of BA&#8217;s iconic Boeing 747 fleet<\/a>.<\/p>\n<p>The fine reflects IAG\u2019s H1 CY2020 <a target=\"_blank\" href=\"https:\/\/www.iairgroup.com\/~\/media\/Files\/I\/IAG\/documents\/interim-management-statement-for-the-six-months-to-june-30-2020.pdf\" rel=\"noopener noreferrer\">loss<\/a> (PDF) of 1.9 billion euros, and the fact that the airline group has had to mortgage \u201cold and new aircraft\u201d to raise another 2.2bn euros in cash with which to ride out government travel bans linked to COVID-19.<\/p>\n<p>BA&#8217;s sprawling IT estate, interfacing with multiple third parties all over the world, has a <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2018\/07\/19\/amadeus_british_airways_outage_load_sheet\/\" rel=\"noopener noreferrer\">reputation for falling over at inconvenient moments<\/a>. Such problems aren&#8217;t helped when <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2017\/06\/02\/british_airways_data_centre_configuration\/\" rel=\"noopener noreferrer\">incompetent contractors play &#8220;let&#8217;s pull all the levers&#8221;<\/a> with data centre power supplies. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2020\/10\/16\/british_airways_ico_fine_20m\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Airline was saving domain admin creds and card details alike in plaintext British Airways is to pay a \u00a320m data protection fine after its 2018 Magecart hack \u2013 even though the Information Commissioner\u2019s Office discovered the airline had been saving credit card details in plain text since 2015.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":37710,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-37709","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>British Airways fined \u00a320m for Magecart hack that exposed 400k folks&#039; credit card details to crooks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"British Airways fined \u00a320m for Magecart hack that exposed 400k folks&#039; credit card details to crooks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-16T12:15:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"British Airways fined \u00a320m for Magecart hack that exposed 400k folks&#8217; credit card details to crooks\",\"datePublished\":\"2020-10-16T12:15:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/\"},\"wordCount\":824,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/\",\"name\":\"British Airways fined \u00a320m for Magecart hack that exposed 400k folks' credit card details to crooks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg\",\"datePublished\":\"2020-10-16T12:15:04+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg\",\"width\":1000,\"height\":667},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"British Airways fined \u00a320m for Magecart hack that exposed 400k folks&#8217; credit card details to crooks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"British Airways fined \u00a320m for Magecart hack that exposed 400k folks' credit card details to crooks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/","og_locale":"en_US","og_type":"article","og_title":"British Airways fined \u00a320m for Magecart hack that exposed 400k folks' credit card details to crooks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-10-16T12:15:04+00:00","og_image":[{"width":1000,"height":667,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"British Airways fined \u00a320m for Magecart hack that exposed 400k folks&#8217; credit card details to crooks","datePublished":"2020-10-16T12:15:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/"},"wordCount":824,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/","url":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/","name":"British Airways fined \u00a320m for Magecart hack that exposed 400k folks' credit card details to crooks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg","datePublished":"2020-10-16T12:15:04+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks.jpg","width":1000,"height":667},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/british-airways-fined-20m-for-magecart-hack-that-exposed-400k-folks-credit-card-details-to-crooks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"British Airways fined \u00a320m for Magecart hack that exposed 400k folks&#8217; credit card details to crooks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=37709"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37709\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/37710"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=37709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=37709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=37709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}