British Airways, Boots & The BBC Cyber Attack 2023

What Happened?

Last week, British Airways, Boots and the BBC all suffered cyber attacks of varying levels. The three businesses have been hit with an ultimatum to begin ransom negotiations from a cybercrime group, after employees' personal data was stolen in a hacking attack. It emerged on Wednesday the cyber-gang behind a piece of Ransomware known as Clop had posted it onto their dark web site.‍

Who Was Behind it?

Microsoft has attributed the attack to a group it calls ‘Lace Tempest’. The group is known for deploying a strain of ransomware called Clop, and an associated website where it displays its spoils and posts stolen details of victims who didn’t pay the ransom demands.

What Was Stolen?

Initial reports suggest that customer data, such as names, email addresses, and flight numbers were taken from British Airways. For Boots, the hackers may have accessed credit card numbers and other payment data. The BBC has been attacked with a Distributed Denial-of-Service (DDoS) attack that has impacted their websites and services around the world.

‍

How are Companies Responding?

British Airways, Boots, and the BBC have all responded to the cyber attack and are taking action to protect their customers. British Airways has immediately notified those affected by the incident, and is offering a year of free credit monitoring and identity protection. Boots has advised customers to closely monitor their bank accounts for any suspicious activity, as well as signing up for a credit-monitoring service to check any changes to their personal information. Meanwhile, the BBC is urging users to update their passwords across all their services, enabling Two-Factor Authentication (2FA) to protect against future attacks.

What Should The Affected Victims do?

The affected victims should ensure that they are taking precautions to protect their personal information online. This includes changing passwords for any accounts that may have been compromised, setting up 2FA, and using strong password managers to generate unique and secure passwords. This information is often sold on the dark web or in databases to criminal groups. They can then use it for identity theft, cloning, or malicious phishing attacks to gain even more personal information. Being vigilant for unknown emails and phone calls is also vital.

Conclusion

The cyber attack on British Airways, Boots, and the BBC serves as a reminder of how important it is for businesses to take security seriously in order to protect their customers. It’s also an example of why people should always be vigilant when it comes to protecting their online data. The best way to stay safe online is by taking steps to secure your personal information, such as using Two- or Multi-Factor Authentication, and strong passwords. By following these tips, you can reduce the risk of becoming a victim of cyber crime. Here at Pentest People, we offer a range of Penetration Testing services to test your businesses security structure, ensuring hackers cant access your company infrastructure.

Have a listen to our consultants discuss this attack on our TechBite podcast below: