British Airways were brought to their knees when its website and mobile application proved to be a ripe target for hackers. Bookings made during a period of 17 days between Aug. 21 and Sept. 5 had been infiltrated in a “very sophisticated, malicious criminal” attack as quoted by its Chief Executive. About 3,80,000 card payments were compromised with hackers obtaining names, streets and email addresses, credit card numbers, expiration dates and security codes — sufficient information to steal from accounts. This event led to falling of its stocks by 2%.
British Government’s IT ministry is working on the ongoing investigation. As per the new GDPR, British Airways were compelled to inform the regulators within 72 hours regarding the breach of personal information of its customers. British Airways advised customers to contact their bank or credit card provider and follow their recommended advice. It also took out ads in national newspapers on Friday. Mr. Cruz said anyone who lost out financially would be compensated by the airline.
NatWest, one of Britain’s biggest card issuers, said it was receiving higher-than-usual call volumes because of the breach. It said in a recorded message that its security systems would likely stop any fraud as a result of the hack but affected should look out for unusual activity on their accounts. American Express said clients did not need to take any action and the company would alert anyone with unusual activity on their cards. International Airlines Group (Parent Company of British Airways) said the data breach has been resolved and the website was working normally, and that no travel or passport details were stolen.
source: www.businessinsurance.com
How a Cyber Policy can be helpful??
In such instances, Cyber Insurance Policy would protect the Insured and may pay the following expenses –
Business Interruption: Network Loss in respect of a Material Interruption-suspension of the service provided by the Computer System directly caused by a Security Failure, that an Insured incurs after the Waiting Hours Period (the number of hours that must elapse once an interruption has begun) has expired and solely as a result of a Security Failure
Forensic Investigation: The fees and expenses incurred in forensic investigation after hack to identify the hacker and the part of data that has been hacked.
Personal Data Breach Expenses: Damages and Defence Costs which arise due to unauthorised disclosure or transmission of Personal Information of the third party due to breach in Insured’s network system.
Reputation Restoration: The fees, costs and expenses to hire PR agencies to prevent or mitigate the potential adverse effect of an Event including management of a communications strategy.
Monitoring Expenses: Professional Fees for credit monitoring services for possible misuse of any Personal Information as a result Breach of Security
Notification Costs: The costs and expenses incurred in collation of information, preparation for and notification to customers whose personal information is breached.
Data Destruction and Restoration: The fees, costs and expenses to hire professionals who determine Data held by the Company on behalf of a Third Party can or cannot be restored and then further recreate or recollect Data held by the Company on behalf of a Third Party where backup systems fail to capture such Data.
Beacon Insurance Brokers has a team of experts who can study exposures and underwrite a cyber policy carefully catered to your organization’s needs. We can be contacted on the following:
email: info@beacon.co.in
phone no.: +91 2652318000