BA customers told to tweet their billing details in security oversight
British Airways has been accused of putting customers at risk of fraud in a GDPR mix-up.
The airline asked disgruntled customers to tweet their full names, passport details, last four digits of their credit cards and their billing address, “to comply with GDPR”, before it could investigate complaints.
GDPR is the EU’S new General Data Protection Regulation designed to keep firms from collecting and selling personal information of internet users without their consent.
In several instances, British Airways customers began responding with their personal details, which can be viewed not only by British Airways’ 1.16million followers, but by anyone who visits its Twitter page.
After the blunder was pointed out by security experts, British Airways hastily asked them to delete their tweets to protect themselves and send the information in a private message.
A British Airways spokesman said: “We take our responsibility to protect our customers’ details very seriously.
“Our social media colleagues look after around 2,000 inquiries a day and we are always careful to confirm that we are talking to the right person.”
The regulation, implemented in May, was brought in to help reduce the number of spam emails and nuisance calls received by consumers who hand over their data.