British Airways (via Modernizr script) - isotope¹³

← Supply-Chain Attack Compendium

Incident Summary

British Airways breached via modified script.

British Airways' website was compromised by attackers who modified a JavaScript library, Modernizr, that was loaded on their payment pages. This malicious script captured and exfiltrated customer names, addresses, payment card details, and login credentials. While Modernizr is an open-source library, its modification on BA's site as part of their supplied code to users represents a compromise of a component in their web delivery supply chain.

Date: 2018-08-21 to 2018-09-05
Category: Commercial
Target Surface: Distribution
Insertion Phase: distribution
Impact: Credential theft
Cause: Website compromise

What Was Affected

Package British Airways (via Modernizr script)

LanguageJavaScript

ComponentLibrary

Artifact typesource archive

Domain typeproject download host

Domain ba.com

Compromised Versions

The specific version of Modernizr.js and related scripts served by British Airways during the incident window.

Incident Context

Motive: Financial gain
Attribution: Cybercriminal Gang
Transitive: No
User Impact: 380000
Observed Duration: 15 days

Evidence

Compromised Artifacts

britishairways.com/scripts/modernizr.js

Current Artifacts and Analysis

riskiq.com/blog/labs/magecart-british-airways-breach

External References

ico.org.uk/about-the-ico/media-centre/news-and-blogs/2020/10/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400-000-customers

Source Data

Source record: proprietary/british_airways/meta.yaml