British Airways Company Cyber Security Posture
ba.comAs a global airline and the UKโs flag carrier, British Airways has been flying its customers to where they need to be for more than 100 years. The airline connects Britain with the world and the world with Britain, operating one of the most extensive international scheduled airline route networks together with its joint business, codeshare and franchise partners. Together with its affiliates, British Airways operates to around 200 destinations in over 75 countries throughout Europe, North America, South America, Asia, Africa and Australia. In September 2021, British Airways launched its sustainability programme, BA Better World, committing to put sustainability at the heart of everything it does and with a clear roadmap to achieve net zero carbon emissions by 2050. Unfortunately, we're unable to answer any specific customer service queries here. If you need to contact someone about our service or need immediate assistance, please DM us directly on Instagram, Facebook or X.
British Airways Company Details
british-airways
30574 employees
988894.0
481
Airlines and Aviation
ba.com
Scan still pending
BRI_2282734
In-progress
British Airways Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
British Airways Global Score.png)
British Airways Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
British Airways Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| British Airways | Data Leak | 85 | 4 | 09/2018 | BRI45811122 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app. It immediately contacted customers when the extent of the breach became clear. Around 380,000 card payments were compromised. Hackers obtained names, street and email addresses, credit card numbers, expiry dates and security codes. The attack came 15 months after the carrier suffered a massive computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend. The attackers had not broken the airline's encryption but did not explain exactly how they had obtained the customer information. The attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen. BA advised customers to contact their bank or credit card provider and follow their recommended advice. | |||||||
| British Airways | Data Leak | 85 | 4 | 08/2019 | BRI0563423 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: British Airways found a security bug which has the potential to expose passengersโ data, including their flight booking details and personal information. It was an attack that could expose victimsโ booking reference numbers, phone numbers, email addresses and more. It was found that bad actors could either view the victimโs personal data, or manipulate their booking information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number. | |||||||
| British Airways | Breach | 100 | 4 | 06/2023 | BRI0112623 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis. According to reports, British Airways was one among the companies damaged by a cyber security attack against MOVEit's target, the UK-based payroll provider Zellis. | |||||||
British Airways Company Subsidiaries
As a global airline and the UKโs flag carrier, British Airways has been flying its customers to where they need to be for more than 100 years. The airline connects Britain with the world and the world with Britain, operating one of the most extensive international scheduled airline route networks together with its joint business, codeshare and franchise partners. Together with its affiliates, British Airways operates to around 200 destinations in over 75 countries throughout Europe, North America, South America, Asia, Africa and Australia. In September 2021, British Airways launched its sustainability programme, BA Better World, committing to put sustainability at the heart of everything it does and with a clear roadmap to achieve net zero carbon emissions by 2050. Unfortunately, we're unable to answer any specific customer service queries here. If you need to contact someone about our service or need immediate assistance, please DM us directly on Instagram, Facebook or X.
Access Data Using Our API
Get company history
Rapid.png)
British Airways Cyber Security News
Boots, BA Warn Staff About Cyber Attack
A vulnerability in file transfer software has led to warnings being issued to a range of companies warning staff of a potential compromise ofย ...
Comment: How airlines can safeguard their vital technology systems against cybersecurity risks
Andrii Paramonov, Aviation Team Lead at Sigma Software Group provides advice about how airlines can avoid a repeat of the recent high profile cyberattacksย ...
Heathrow Branch: Cybersecurity in Civil Air Traffic Management
Members, aerospace professionals and aviation enthusiasts are invited to the Heathrow Branch's lecture, titled "Cybersecurity in civil airย ...
British Airways staff hit by cybersecurity incident
"This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified thoseย ...
British Airways fined ยฃ20m over data breach
"When organisations take poor decisions around people's personal data, that can have a real impact on people's lives. The law now gives usย ...
BA, Boots and BBC cyber-attack: who is behind it and what happens next?
Who is behind the attack? Microsoft has attributed the attack to a group it calls Lace Tempest. The group is known for deploying a strain ofย ...
British Airways Hit With Record Fine Following 2018 Cyberattack
BA is facing a record fine, showing the true cost of GDPR. Here's what it means for the company, its investors and others who are hit by aย ...
What we know about the MOVEit vulnerabilities and compromises
A spree initiated by a financially-motivated ransomware group that actively exploited a zero-day vulnerability in Progress Software's MOVEit file transferย ...
Cyber security breach hits BBC, British Airways and Boots. This is what happened
This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified thoseย ...
British Airways Similar Companies
Aerolineas Argentinas
Aerolโโ neas Argentinas es la compaโยฑโโ a lโโ der en el mercado aerocomercial argentino y referente en la regiโโฅn desde 1950. Su flota de 84 aviones alcanza 38 destinos en Argentina y otros 22 a nivel regional e internacional. Con la reciente incorporaciโโฅn de 2 aeronaves de cargas, la compaโยฑโโ a expan
Air China Cargo
Is a cargo airline with its headquarters in Shunyi District, Beijing, China t is an all-cargo subsidiary of Air China and operates services to 36 cities in 27 countries around the world. Its main base is Beijing Capital International Airport. The airline was established on 12 December 2003 and start
American Airlines
Embark on an adventure with a commitment to service, excellence and humanity. Our team is what powers our airline. We are proudly dedicated to our purpose of caring for people on lifeโs journey, including connecting our customers to the people and places they love or providing our team members devel
IndiGo (InterGlobe Aviation Ltd)
How time flies. #18YearsOfIndiGo IndiGo is Indiaโs largest passenger airline. We primarily operate in Indiaโs domestic air travel market as a low-cost carrier with focus on our three pillars โ offering low fares, being on-time and delivering a courteous and hassle-free experience. IndiGo has become
Iberia
Iberia is Spainโs number-one airline group and the leader in the Europe-Latin America market, with the single greatest array of destinations and flight frequencies. Together with British Airways, weโre part of the IAG Group, with the third-highest receipts in Europe and sixth worldwide.. Iberia is a
Emirates
Based in Dubai, the Emirates Group employs over 103,363 staff from more than 160 nationalities. The Emirates Groupโs extensive and diverse international portfolio includes the worldโs largest international airline, Emirates, and one of the largest combined air services provider in the world, dnata.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
British Airways CyberSecurity History Information
How many cyber incidents has British Airways faced?
Total Incidents: According to Rankiteo, British Airways has faced 3 incidents in the past.
What types of cybersecurity incidents have occurred at British Airways?
Incident Types: The types of cybersecurity incidents that have occurred incidents Breach and Data Leak.
How does British Airways detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through communication strategy with Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider..
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: British Airways Data Breach via Zellis Payroll Service
Description: British Airways disclosed that the data breach experienced by the payroll service provider Zellis has an effect on them. The BBC and British Airways employees' personal information was exposed as a result of the cyberattack on the payroll service Zellis.
Type: Data Breach
Attack Vector: Cyberattack on payroll service provider
Incident : Data Exposure
Title: British Airways Data Exposure Incident
Description: British Airways found a security bug which has the potential to expose passengersโ data, including their flight booking details and personal information. The exposed information includes email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight information like flight number, flight times, and seat number.
Type: Data Exposure
Attack Vector: View victim's personal data, Manipulate booking information
Incident : Data Breach
Title: British Airways Data Breach
Description: Credit card details of hundreds of thousands of British Airways customers were stolen over a two-week period in the most serious attack on its website and app.
Type: Data Breach
Attack Vector: Website, Mobile App
Vulnerability Exploited: Gateway between the airline and a payment processor
Motivation: Financial Gain
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Gateway between the airline and a payment processor.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach BRI0112623
Data Compromised: Personal Information of Employees
Incident : Data Exposure BRI0563423
Data Compromised: email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number
Incident : Data Breach BRI45811122
Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Systems Affected: Website, Mobile App
Payment Information Risk: High
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number, Credit card numbers, Expiry dates, Security codes, Names and Street and email addresses.
Which entities were affected by each incident?
Incident : Data Breach BRI45811122
Entity Type: Company
Industry: Aviation
Location: United Kingdom
Customers Affected: 380000
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Breach BRI45811122
Communication Strategy: Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider.
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach BRI0112623
Type of Data Compromised: Personal Information
Incident : Data Exposure BRI0563423
Type of Data Compromised: email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number
Personally Identifiable Information: email address, telephone numbers, BA membership numbers, first and last name
Incident : Data Breach BRI45811122
Type of Data Compromised: Credit card numbers, Expiry dates, Security codes, Names, Street and email addresses
Number of Records Exposed: 380000
Sensitivity of Data: High
Data Encryption: Unbroken
Personally Identifiable Information: Names, Street and email addresses
Investigation Status
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through was Immediately contacted customers when the extent of the breach became clear and advised them to contact their bank or credit card provider..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident?
Incident : Data Breach BRI45811122
Customer Advisories: Advised customers to contact their bank or credit card provider and follow their recommended advice.
What advisories does the company provide to stakeholders and customers following an incident?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Advised customers to contact their bank or credit card provider and follow their recommended advice..
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach BRI45811122
Entry Point: Gateway between the airline and a payment processor
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information of Employees, email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number, Credit card numbers, Expiry dates, Security codes, Names and Street and email addresses.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were Website, Mobile App.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal Information of Employees, email address, telephone numbers, BA membership numbers, first and last name, booking reference, itinerary, flight number, flight times, seat number, Credit card numbers, Expiry dates, Security codes, Names and Street and email addresses.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 380.0.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued?
Most Recent Customer Advisory: The most recent customer advisory issued was was an Advised customers to contact their bank or credit card provider and follow their recommended advice.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Gateway between the airline and a payment processor.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
