The BA breach, surfaced by RiskIQ last fall, was carried out by the crime syndicate Magecart. Most recently, a sophisticated Magecart group compromised thousands of sites with a supply chain cyber attack targeting misconfigured Amazon S3 buckets.
Businesses need a continued focus on visibility into their internet-facing attack surfaces, as well as increased scrutiny of the third-party services, constitute their web applications. Magecart's recent ravages have shown that a lot of the investment in securing corporate infrastructure hasn't worked. Companies will continue to be overwhelmed by the scale and tenacity their digital security faces by these kinds of groups, especially as cyber attacks launch from outside the firewall, and the data theft occurs in the user's browser.