Back to all articles
SQL Injection
British Airways (2018)
Jun 03, 2026
In 2018, British Airways faced one of the most serious cyberattacks in its history. Customer data was compromised through a web skimming attack (also known as Magecart). The attackers used malicious JavaScript code that was injected into the payment page and the mobile application. They stole credit card information and personal customer data without the company immediately realizing it.
While this was not a SQL Injection attack, it was similar in effect, as sensitive financial data was compromised. Approximately 244,000 customers were affected, including their names, addresses, credit card details, and even CVV codes. The failure to store data in an encrypted format and the lack of sufficient control over modifications to the website's code allowed the attack to succeed.
References
https://en.wikipedia.org/wiki/British_Airways_data_breach
https://iusinitinere.it/the-british-airways-case-gdprs-fine-is-likely-to-be-borne-by-customers/
https://www.dailymail.co.uk/news/article-8847051/British-Airways-fined-20m-2018-data-breach.html
https://iusinitinere.it/the-british-airways-case-gdprs-fine-is-likely-to-be-borne-by-customers/
https://www.dailymail.co.uk/news/article-8847051/British-Airways-fined-20m-2018-data-breach.html