380,000 BANK CARDS HACKED FROM BA
THE bank card details of almost 400,000 British Airways customers have been stolen in a cyber attack.
Shockingly, the breach began 16 days ago, but was not detected by the airline until Wednesday night.
It affects all 380,000 customice. ers who booked flights online or via the BA app during that time using a debit or credit card. BA insisted last night that it had told customers about the security breach as soon as it could and it had now called in the police.
But the cyber failure is a blow to the airline’s once-renowned reputation for customer serv- BA chief executive Alex Cruz said: ‘We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.’
the airline said it was investigating the breach as a ‘matter of urgency’ and had reported it to the police and other ‘relevant authorities’. the National Crime Agency has been brought in. BA insisted the stolen data
did not include travel or passport details, but admitted 380,000 debit and credit cards had been ‘compromised’.
It said some personal information of customers has also been stolen, but did not specify what this included.
Just last month, British Airways owner International Consolidated Airlines Group said profits had hit £989 million for the first half of the year. BA raked in £780 million of that sum.
The breach was revealed at 6. 7pm yesterday, after the stock markets had closed.
A spokesman confirmed that the airline had discovered the breach on Wednesday evening but needed time to investigate the matter and assess which customers were affected.
The data breach affects all customers who booked flights online or used the BA.com app from 10.58pm on August 1 to 9.45pm on September 5.
BA said it had received no reports from customers who had had money fraudulently taken out of their account. It added that the breach had been ‘resolved’ and the website was ‘working normally’. The airline has taken out full-page advertisements in today’s newspapers, including the Daily Mail, apologising to customers.
Everyone affected by the breach was urged to contact their bank or credit card company as soon as possible.
The leak is significant because the scale of the payment information accessed by the hackers is almost without precedent in the UK.
Telecoms firm TalkTalk was handed a record £400,000 fine by the Information Commissioner’s Office in 016 when data from 156,959 customers was leaked the previous year, but financial information from just 15,656 was accessed.
Banks are legally obliged to refund customers who have had money fraudulently taken from their account, but the hack raises fears that BA customers’ details will be sold on the ‘dark web’ to fraudsters intent on hacking their accounts.
Alex Neill of Which? said: ‘It is now vital the company moves quickly to ensure those affected get clear information about what has happened and what steps they should take.’