For example . . .
Round-trip airfare. And a data breach.
In October 2020 the UK Information Commissioner’s Office (ICO) fined British Airways (BA) £20 million. Why? Because the airline had failed to protect the personal and financial details of more than 429,000 customers and staff in its 2018 data breach, and so ran afoul of the General Data Protection Regulation (GDPR). A critical note here: the ICO’s original notice of intent, issued in 2019, proposed a fine of £183 million (roughly $230 million); the amount was reduced after BA’s representations and in light of the economic impact of COVID-19 on the airline industry.
“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result,” said Information Commissioner Elizabeth Denham. “That’s why we have issued BA with a £20m fine – our biggest to date.”
The ICO also made it clear that BA had not detected the attack itself: a third party discovered it more than two months after it began.
Important note: no victim shaming here. BA is not alone in either the risk or the impact of this type of breach. The vast majority of websites are still exposed, because client-side protection for web apps is only now becoming a security priority.
“Sorry – Could you delete all that data we accidentally gave you in cleartext?”
Similarly, Ally Bank lost face in June 2021 when it disclosed that its website had sent customers’ usernames and passwords in cleartext to external partners.
“A programming code error associated with Ally’s website inadvertently revealed Ally’s customers’ usernames and passwords to third parties with whom Ally had business relationships,” read Ally’s notification letter. Ally noted that it had asked those partners to delete the sensitive user data.
The risk is pronounced enough that client-side protection has to be something you take seriously.
It’s time to focus on web app client-side protection
Face it: The pain these organizations have dealt with isn’t something you want to feel because you didn’t have client-side protection on your radar.
With Magecart-style malware (“formjacking”) kits selling for as little as $1,300, the threshold for becoming a cybercriminal is disconcertingly low, and the number of attacks is rising accordingly. A formjacking kit injects JavaScript into a site’s checkout or login page that copies whatever the user types into a form and sends it to a server the attacker controls. Such attacks can linger undetected for months (BA’s ran for more than two months before an outside party noticed), so the longer you wait, the more your liability grows.
Learn more about the Source Defense approach to web app client-side protection of your customers’ sensitive data.
PCI DSS 4.0 makes client-side security a priority.
Source Defense delivers a solution for requirement 6.4.3 (every script loaded and executed on a payment page must be authorized, inventoried with a business justification, and integrity-assured) and requirement 11.6.1 (a change- and tamper-detection mechanism for the HTTP headers and contents of payment pages as received by the consumer’s browser) without adding a burden to your security teams.