The European aviation group that owns British Airways and Spain’s Iberia says the threat of a potentially catastrophic ransomware attack on critical IT infrastructure is on the rise following Russia’s invasion of Ukraine.
In 2020, it’s estimated that around 61 per cent of all cyber attacks worldwide specifically targeted airlines. All but 5 per cent of these sophisticated attacks were financially motivated, but International Airlines Group (IAG) warns the potential for “state-sponsored cyber attacks” is also increasing.
IAG has had its fair share of IT woes, and in 2018, British Airways suffered a massive data breach when as many as 420,000 customers and employees had their personal details including credit card information stolen by hackers.
The UK’S Information Commissioners Office (ICO) initially proposed a record £180 million fine for the data breach – in part because it took several weeks for British Airways even to realise that its IT systems had been compromised by criminals.
British Airways appealed the fine, however, and after the pandemic struck, the ICO eventually reduced the penalty to just £20 million.
The airline has also suffered several high-profile operational meltdowns as a result of IT failures. In February, BA suffered two embarrassing IT outages in less than a week, although both incidents are believed to be connected to the airline’s legacy IT systems that are in desperate need of updating.
IAG says it is working on updating and replacing ageing IT systems across its group of airlines, but the group admitted on Friday that “significant” changes that are required could “impact operations”.
In its third-quarter results, IAG said it couldn’t promise any further IT hiccups but said it was “focused on minimising any unplanned outages or disruption to customers with additional resilience built into the airline’s’ networks.”
In August, the Portuguese flag carrier TAP became the latest airline to fall victim to cybercriminals. The Lisbon-based carrier initially claimed it had prevented the hackers from stealing customer data before eventually admitting that personal information had been compromised.
