How to protect your online identity from data hackers

British Airways plane ©
BA customer data has flown off into the ether

The latest data breach is another reminder of the importance of keeping your financial information as safe as possible.

After the data breach at British Airways last week, which saw the credit-card details from 380,000 transactions stolen, online security is back in the headlines. Most people now shop and bank online, and so they are sending valuable information over the internet. This can leave you vulnerable to fraud if a site is hacked.

To try to avoid falling victim to this, the first thing to do is improve your passwords. Generally, people are good at not using the same password for everything, but most would have trouble remembering the long strings of random characters for each account that make for the most secure kind of password. Take the hassle out of this process by using a password manager such as 1Password, LastPass or Keepass. These will generate random passwords for every site you use, and you just need to remember one master password for the manager account. Choose one that doesn’t store your information in an unencrypted format (as is sometimes the case with in-browser managers). You also don’t want your passwords to be auto-filled by your browser, as this can potentially be exploited by hackers.

Now you’ve got your passwords sorted, there’s more bad news – these alone won’t protect you. Ideally, you want to have two-step authentication enabled for your most important accounts. Most banks and building societies offer this, as well as the big email and social-media websites (although not all financial sites – such as many stockbrokers – yet do so). As the name suggests, this means you have to pass a second layer of identity checking before gaining access to your account (though this sounds inconvenient, it’s often only enabled when you log in from an unfamiliar browser, ie, on someone else’s computer). When logging in, you’ll be asked for your password, and then a special code is sent via text or email that you have to enter in order to log in.

Finally, when you are shopping online, make sure you are using an encrypted website – look for a little green padlock in the browser bar, usually to the left of the website address, and make sure the website starts with “https” as opposed to just “http” – the “s” means that all communications between your browser and the website are encrypted. And while it might sound obvious, avoid clicking on links in suspicious emails, as you can inadvertently download malicious software. At the moment, be careful of  emails regarding the BA hack – criminals love to use a well-known data breach to try and con you.

What BA users should do now

Between 21 August and 5 September, hackers stole the personal and financial details of people who booked flights directly with BA, either via the website or app. About 380,000 transactions were involved.

The hackers managed to get hold of names, addresses, email address and credit-card details for those customers. Unusually, they also got hold of CVV numbers – the three digits on the back of your card. This means they have everything they need to make online purchases or clone your card.

If you have been affected, BA will have been in touch, and you’ll need to contact your card providers immediately. They will either give you a new card, or monitor your accounts closely for signs of fraud. Provided you act quickly, your card issuer should not charge you for any fraudulent transactions on your account. But if you don’t react promptly, BA has promised to make sure you aren’t left out of pocket. It is also offering affected customers a free 12-month credit-rating monitoring service.

Make sure to change the password for your BA account (and other accounts with the same one), and keep an eye on your bank statements.