Contact Contact Us

Bristol Airport Suffers Ransomware Attack, British Airways Breach Caused By MageCart Skimmer

Bristol Airport in Bristol, UK, suffered a ransomware attack last Friday morning. As a precautionary measure to contain the attack, the airport took several applications offline, including one that provides data for flight information screens. Whiteboards and marker pens were used in place of display screens as a result. The airport said that flights were unaffected, and no ransom was paid to recover the system.

Further investigation into the British Airways data breach found that the airline had been compromised by a threat actor dubbed MageCart, who infected the airline’s website with a skimmer script customised to siphon payment card data. MageCart had modified the website’s Modernizr JavaScript library with new lines of code at the bottom of the script. When the website loaded Modernizr from the baggage claim information page, the modified script allowed Modernizr to send payment data from the customer to MageCart’s server. The modified script applied to the website and mobile application, and it is unclear how MageCart had obtained access to modify Modernizr.

[1] Cyber attack led to Bristol Airport blank screens
[2] British Airways Fell Victim To Card Scraping Attack

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883