British Airways travelers’ credit card details hacked
LONDON – Hackers obtained the credit card details of some 380,000 British Airways travelers during a two-week data breach this summer that leaves the customers vulnerable to financial fraud, the airline says.
The airline’s CEO, Alex Cruz, said Friday that enough data were stolen to allow criminals to use credit card information for illicit purposes, and that police are investigating.
“We know that the information that has been stolen is name, address, email address, credit card information; that would be credit card number, expiration date and the three-letter code in the back of the credit card,” he told the BBC.
He called it a “very sophisticated, malicious criminal attack,” but added that no passport data had been obtained.
The airline advised people to contact their bank or credit card company if they used the airline’s website and mobile app to make or change a booking between 10:58 p.m. London time on Aug. 21 and 9:45 p.m. London time on Sept. 5.
The recommendation does not apply to customers who bought tickets or changed reservations outside those times.
The airline promised to reimburse any financial losses suffered by customers directly because of the theft of the data.
British Airways revealed the new hack Thursday evening and began notifying customers. Britain’s National Crime Agency said it is investigating.
Consumer advice website MoneySavingExpert says affected customers should first seek advice from their bank, then monitor bank and credit card statements closely for signs of possible fraudulent activity.
It also warns of possible “phishing scams” in which hackers would try to trick affected consumers into revealing personal information like personal identification numbers or banking passwords.
Some angry travelers complained to Britain’s Press Association that they had noted bogus activity on credit cards that had been used to make British Airways bookings during the time when the breach was undetected.
The hack again puts the spotlight on the strength of the IT systems at major companies as they expand their digital services.
In the U.S., Delta Airlines said in April that payment-card information for several hundred thousand customers could have been exposed by a malware breach months earlier.