ICO fines BA £20m - breach appears to have been the result of a privilege access violation
October 2020 by Thycotic
This morning the ICO announced it is moving ahead with fining BA for a major data breach in 2018. Further revelations point to the cause being a privilege access violation. Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic, comments:
“The recent news recording another huge ICO (Information Commissioner's Office) fine of £20m, this time against British Airways for failing to protect the personal and financial details of more than 400,000 of its customers, is another reminder to protect and secure privileged access, as cybercriminals will always look to gain privileged access as it allows them to move around the network and gain access to sensitive files or databases, including employee and customers' personal data.
The investigation found that the attacker discovered a username and clear text password of a privileged domain administrator account left in an unsecure file that, once in the hands of a criminal hacker, literally means it is game over. Organizations must prioritize privileged access security and never leave domain admin accounts unprotected in clear text within a file; otherwise it is an easy win for the criminals. Our job in cybersecurity is to make it difficult for criminals, protecting the business and customers' data.”