British Airways Magecart card-skimming
Magecart operators injected card-skimming JavaScript into British Airways' payment page, stealing card details on 380,000 transactions over 15 days. UK ICO initially proposed a £183.4M GDPR fine — later reduced to £20M after Covid-impact mitigation arguments.
- Victim
- British Airways
- Loss
- $35.0M
- Records
- 429.0K