The British Airways breach that ran between August and September 2018 caused a small stir in the media but was in fact distinctly different from many of the breaches we hear about.
Firstly, most data breaches are a “heist”: criminals break into a system, identify files, databases and intellectual property of value (whether that be monetary, political, etc.) and begin exfiltrating it from the network. Being a heist doesn’t mean the process is necessarily quick; navigating networks, escalating privileges and manipulating users can take months, but the aim is the same.
How did it happen?
Now, as you can imagine, having components of your website scattered across multiple locations isn’t the best for security, and so the PCI DSS (Payment Card Industry Data Security Standard) specifically states that pages that collect card information should do this.