Case Study

Top 5 Global Airline Safeguards Customer Data Against Client-side Data Breaches

Download Case Study

Company

This top 5 global airline is one of the largest airlines in the world. The company offers passenger and cargo services to over 200 destinations in Asia, North America, Australia, Europe, and Africa.

“The solution pays for itself by reducing our risk from client-side data breaches and helping us avoid fines and the subsequent negative impact to our brand reputation.”

– CISO Top 5 Global Airline

Challenge

This global airline used open source libraries and third-party code to build its website. The security team lacked visibility into the behavior of client-side code. This made it difficult to catch and fix script vulnerabilities, which could be exploited to conduct digital skimming and Magecart attacks that captured users’ credit card numbers, CVV codes, and other sensitive PII.

The airline had seen numerous high-profile Magecart attacks in the news, including an attack in 2018 on British Airways that resulted in some 380,000 users’ credit card details stolen and more than $20 million in fines for regulatory noncompliance. This airline knew it needed a solution to protect itself and its customers.

Solution

The airline needed a real-time client-side security solution that could detect risks in first-, third- and nth-party code across on their site. They realized that static scanning alone would be ineffective in finding and stopping client-side attacks, and a content security policy (CSP) solution would be too complex to manage.

After evaluating multiple solutions, the airline selected Client-side Defense to protect their website from digital skimming, formjacking and Magecart attacks and help ensure data privacy compliance. There were several factors in their decision:

Learn More
  • 24/7/365 script monitoring: Client-side Defense runs during every user session, providing robust real-time visibility into all first-, third- and nth-party scripts running on your site, all downstream dependencies and every action taken in users’ browsers. The solution provides rich insights into JavaScript activity over time, including how scripts are interacting, additional scripts in use and any exposure details.
  • Comprehensive client-side mitigation: Client-side Defense leverages policy-based script management and granular JavaScript blocking to mitigate risky scripts. This multilayered protection lets security teams both block specific actions in a script without blocking the full script, and prevent unwanted scripts from loading at all.
  • Easy to deploy and integrate: The airline was easily able to integrate Client-side Defense by adding a lightweight JavaScript Sensor to their page template. They did not have to modify their website architecture or content delivery networks (CDN), which saved time, money, and hassle.
  • Behavior-based learning: Client-side Defense continuously collects signals from the client side and identifies behavioral anomalies such as scripts loaded from a new domain, modifications to the page, scripts accessing sensitive input fields, communication with malicious domains, and known vulnerabilities in third-party scripts. These anomalies trigger prioritized incidents that are sent to the airline’s monitoring systems.
  • No impact to user experience: The Sensor runs asynchronously on the site, which preserves user experience. The application development teams at the airline are able to continue innovating with confidence while the information security teams have full visibility into the entire supply chain of website scripts.
  • Actionable insights: The Client-side Defense dashboard offers an at-a-glance overview and actionable recommendations based on threat research to help teams quickly prioritize incidents, so they can mitigate client-side supply chain attacks and prevent compliance violations.

RESULTS

Client-side Defense helped the airline safeguard customer data by providing continuous protection against client-side attacks. This has resulted in several key benefits:

  • Reduces risk of unauthorized data exposure and theft
  • Protects brand reputation and consumer trust
  • Helps avoid penalties and lawsuits by ensuring compliance with data privacy regulations, including GDPR, PCI DSS, CCPA, and CPRA
  • Improves operational efficiencies by eliminating the manual analysis of website scripts
  • Encourages innovation by making security an enabler—rather than a bottleneck—in its application development process

Connect with Us

to Learn More How HUMAN Can Help Prevent Client-side Data Breaches for You

Related Resources

Solution Briefs

HUMAN Code Defender Overview

DOWNLOAD NOW

Solution Briefs

Client-side Defense

DOWNLOAD NOW

Solution Briefs

HUMAN for Travel and Hospitality

DOWNLOAD NOW