Formjacking: the new cyber threat
The BA and Ticketmaster hacks show how thieves are targeting businesses’ websites to steal their customers’ card details.
A new wave of cyber-attacks involving the harvesting of card details from e-commerce websites – so called formjacking – has hit businesses worldwide. Ticketmaster was reported to have had 40,000 customer records compromised in June, while British Airways was attacked in September, when nearly 400,000 customers may have had their card details stolen. Hacking collective Magecart is believed to be behind a huge spike in the number of formjacking attacks which, according to Symantec, have numbered around 250,000 since mid-August.
Counting the cost
Minimising the risk
Businesses should also ensure their cyber insurance policies will respond to formjacking attacks. “Businesses must make sure their policies aren’t only triggered by specific cyber events,” says Webb. “The cyber threat is constantly evolving: formjacking is just its latest manifestation, following on the heels of cryptojacking and previous examples. So, a good cyber policy should respond to new hacker threats as they arise.”