BA hacked: 380,000 card payments ‘compromised’ in breach
The airline says hackers took data over a period of 16 days before being detected and tells its customers: “We’re deeply sorry.”
British Airways says the credit card information of at least 380,000 customers has been “compromised” in a data theft.
The airline said people using BA.com and its mobile app for flight bookings were targeted by hackers between 21 August and 5 September.
Information stolen includes customer names, email addresses, home addresses and payment card information – but not travel or passport details.
In an email to affected customers, BA said: “We’re deeply sorry, but you may have been affected.
“We recommend that you contact your bank or credit card provider and follow their recommended advice.
“We take the protection of your personal information very seriously.
“Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.”
The breach has been “resolved” and the website is “working normally”, it said.
We are aware of reports of a data breach affecting British Airways and are working with partners to assess the best course of action.
— NationalCrimeAgency (@NCA_UK) September 6, 2018
In a statement, the airline added: “We have notified the police and relevant authorities… [and] will continue to keep our customers updated with the very latest information. We will be contacting customers and will manage any claims on an individual basis.”
BA is the latest major UK company to report such an attack – seemingly the largest since the owner of Currys PC World, Dixons Carphone, admitted in early summer that nine million of its customers had been hit by a data breach.
The theft is also likely to lead to a union backlash after criticism of the airline’s decision to outsource IT work to India.
The issue came to the fore after a costly IT failure last year that left 75,000 passengers stranded.
The company’s chairman and chief executive, Alex Cruz, said: “We are deeply sorry for the disruption that this criminal activity has caused.”
Speaking to Sky News, he said the online vulnerability had now been fixed after it was discovered on Wednesday, and indicated compensation could be a possibility for anyone who had lost money.
Mr Cruz said: “I need to understand the extent of the damages; at the moment we’re not aware of any potential negative effect.
“But yes, we’re interested in speaking with our customers about any potential negative effect that this event may have had on their credit card.”
Mozilla co-founder’s Brave files adtech complaint against Google