The third-party script breach that shook the world
A technically complex, legally sensitive chain of events turned into a narrative that works for both practitioners and non-specialists. Based on the ICO penalty notice, reconstructed timeline and public sources.
"It happened between August 21 and September 5, 2018. During those 16 days, a sophisticated cyberattack hit the British Airways website and app."
"These credentials were just sitting in a file: unencrypted, in plain text. This is a critical security oversight. It's also a game changer in this story."
"It was happening right under everybody's nose without any disruption of the payment process."
"One tiny weak spot in one of those third party scripts can cause a big security headache."
"What is okay today, might be a security incident tomorrow."