380,000 BANK CARDS HACKED FROM BA
THE bank card details of almost 400,000 British Airways customers have been stolen in a cyber attack. Shockingly, the breach began 16 days ago, but was not detected by the airline until Wednesday night. It affects all 380,000 custom-ice. ers who booked flights online or via the BA app during that time using a debit or credit card. BA insisted last night that it had told customers about the security breach as soon as it could and it had now called in the police.
But the cyber failure is a blow to the airline’s once-renowned reputation for customer serv- chief executive Alex Cruz said: ‘We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.’
The airline said it was investigating the breach as a ‘matter of urgency’ and had reported it to the police and other ‘relevant authorities’. The National Crime Agency has been brought in. BA insisted the stolen data
did not include travel or passport details, but admitted that 380,000 debit and credit cards had been ‘compromised’.
It said some personal information of customers has also been stolen, but did not specify what this included.
Just last month, British Airways owner International Consolidated Airlines Group said profits had hit £989 million for the first half of the year. BA raked in £780 million of that sum.
The breach was revealed at 6.27pm yesterday, after the stockmarkets had closed.
A spokesman confirmed that the airline had discovered the breach on Wednesday evening, but needed time to investigate the matter and assess which customers were affected.
The data breach affects all customers who booked flights online or used the BA.com app from 10.58pm on August 21 to 9.45pm on September 5.
BA said it had received no reports from customers who had had money fraudulently taken out of their account. It added that the breach had been ‘resolved’ and the website was ‘working normally’. The airline has taken out full-page advertisements in today’s newspapers, including the Daily Mail, apologising to customers.
Everyone affected by the breach was urged to contact their bank or credit card company as soon as possible.
The leak is significant because the scale of the payment information accessed by the hackers is almost without precedent in the UK. Telecoms firm TalkTalk was handed a record £400,000 fine by the Information Commissioner’s Office (ICO) in 2016 when data from 156,959 custom- ers was leaked the previous year, but financial information from just 15,656 was accessed.
Banks are legally obliged to refund customers who have had money fraudulently taken from their account, but the hack raises fears that BA customers’ details will be sold on the ‘dark web’ to fraudsters intent on hacking their accounts.
Customers took to social media to criticise the airline last night – with many hitting out at BA for failing to contact them directly about the data breach.
One customer said on Twitter: ‘Idiots. So as an executive club member they have my card details, my passport, tel, email etc. All because you outsource IT to joke places to save money.’
Alex Neill of Which? said: ‘It is now vital that the company moves quickly to ensure those affected get clear information about what has happened and what steps they should take.
‘Anyone concerned they could be at risk of fraud should consider changing their online passwords, monitor bank and other online accounts and be wary of emails regarding the breach.’
Guy Anker, deputy editor of Moneysavingexpert.com, said: ‘This is yet another massive data breach which simply isn’t good enough from big businesses holding so many people’s highly sensitive data.’
A North Korean hacker was named last night as the prime suspect behind the Wannacry cyber attack that crippled the NHS in May last year.
Computer programmer Park Jin Hyok was identified by the US justice department, but it remains to be seen whether the Pyongyang authorities will agree to extradite him.