Credit card details hacked, 380K passengers affected
london — British Airways apologised on Friday after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the most serious attack on its website and app.
The airline discovered on Wednesday that bookings made between August 21 and September 5 had been infiltrated in a “very sophisticated, malicious criminal” attack, BA Chairman and Chief Executive Alex Cruz said. It immediately contacted customers when the extent of the breach became clear. Around 380,000 card payments were compromised, the airline said, with hackers obtaining names, street and email addresses, credit card numbers, expiry dates and security codes — sufficient information to steal from accounts.
The attack came 15 months after the carrier suffered a massive computer system failure at London’s Heathrow airport, which stranded 75,000 customers over a holiday weekend. —
frankfurt — British Airways may become the first high-profile company to run afoul of Europe’s far-reaching data privacy rules — and face potentially hefty fines — after a computer hack compromised credit card data from some 380,000 customers.
The European Union’s General Data Protection Regulation, or GDPR, which took effect in May, mandates that companies have to take technical precautions such as encryption to ensure client data is protected. It also states that firms must notify authorities about breaches within 72 hours after learning about them.
“This is one of the first big tests of GDPR,” said Julian Saunders, founder of Port.im, a British software maker that helps businesses adapt to the rules. The question for regulators is “whether BA’s actions warrant a fine.”
Violations can be punished with as much as four per cent of a company’s annual sales, which for BA could reach about £489 million ($633 million) based on 2017 figures.
The hack at BA lasted for more than two weeks during the months of August and September, with intruders getting away with account numbers and personal information of customers making reservations on the carrier’s website and mobile app. Chief executive officer Alex Cruz has apologised to clients in a letter and urged them to contact their bank or credit card provider. “We are 100 percent committed to compensate them,” Cruz said.
The share price of parent group IAG was down more than three per cent in London deals.
“This looks like a classical data breach,” Konrad Meier, a specialist on data privacy laws at EY in Zurich, said in an interview. “The authorities will now want to understand how and why this happened in order to determine whether it could have been prevented.”—