Cyber Expo

380,000 customers hit by British Airways hack

Written by Hannah McGrath
07/09/2018

British Airways (BA) is investigating the theft of personal and financial data of 380,000 customers after hackers gained access to its website and mobile app.

The airline is urging customers who believe they may have been affected by the data breach to contact their bank or credit card provider, after revealing that its systems were compromised by a sophisticated hacking operation between 21 August and 5 September.

British Airways said the stolen data did not include travel or passport details. It reported that the breach had been resolved and the website was now working normally.

Alex Cruz, chief executive of British Airways told the BBC hack was “a sophisticated, malicious criminal attack” which resulted in the theft of names, addresses and credit card information including CVV security numbers of customers who made bookings during the affected period.

He apologised to customers who were concerned that their data had been compromised and pledged full compensation to anyone who had suffered financially as a result of the breach. BA says it will be contacting customers directly with updates.

The company has also taken out adverts apologising for the incident in Friday’s newspapers.

Cruz explained that the company was working to investigate the incident with the police and the Information Commissioner’s Office. The National Crime Agency and National Cyber Security Centre are also looking into the incident.

"At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data,” Cruz told the BBC Radio 4 Today programme.

BA customers have taken to social media to vent their frustration, with many complaining about a lack of communication about the breach.

Some reported delays in receiving an email update sent out at 9pm on Thursday evening regarding the hack, while Cruz confirmed that a small number had received a blank email in error and received a full update shortly afterwards.

One flyer who made a booking during the affected period, tweeting under the name Gemma Theobold, posted: "My bank... are experiencing extremely high call volumes due to this breach! Couldn't do anything other than cancel my card... not how I wanted to spend my Thursday evening."

A statement from British Airways said it was:“Investigating, as a matter of urgency, the theft of customer data from its website, ba.com and the airline’s mobile app. The stolen data did not include travel or passport details.”

“British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice,”it added.