https://arstechnica.com/information-technology/2018/09/british-airways-site-had-credit-card-skimming-code-injected/

Last week, British Airways revealed that all the payment information processed through the airline's website and mobile app between August 21 and September 5 had been exposed. As many as 38,000 British Airways customers may have had their contact and financial information stolen in the breach, which evidence suggests was the result of malicious JavaScript code planted within British Airway's website.

According to a report by RiskIQ's Head Researcher Yonathan Klijnsma published Tuesday, RiskIQ detected the use of a script associated with a "threat group" RiskIQ calls Magecart. the same set of actors believed to be behind a recent credit card breach at Ticketmaster UK. While the Ticketmaster UK breach was the result of JavaScript being injected through a third-party service used by the Ticketmaster website, the British Airways breach was actually the result of a compromise of BA's own Web server, according to the RiskIQ analysis.