BA ‘stuck its head in the sand’ after being told it was at risk of hacking, says IT expert
BRITISH AIRWAYS was warned by IT experts that it was vulnerable to a hack in which criminals could steal customers’ card details earlier this year, it has been claimed.
The airline announced on Thursday that it had suffered a major hack compromising the bank card information of around 380,000 customers.
Due to strict new data protection laws, British Airways is facing a fine of up to £897million, or 4 per cent of its parent company’s turnover, if regulators find it has not done enough to keep customer data safe.
The Daily Telegraph understands that last year the airline failed an industry standard for consumer data protection, which is required by card providers Visa and Mastercard for all companies accepting, transmitting or storing any cardholder data.
The standard, called the Payment Card Industry Data Security Standard, is a set of security standards designed to ensure that companies which accept, process, store and transmit credit card information keep it secure.
BA said it had a number of fully operational monitoring tools that it used to check for suspicious activity. It added the standard related to the protection of customer accounts, none of which was compromised in the attack.
An IT expert told this newspaper they had warned British Airways it was vulnerable to being hacked, accusing it of “sticking its head in the sand” over the state of its IT systems. British Airways denied it received any such warnings.
Derwyn Jones, chief executive at payment provider Ultracomms, said: “This latest breach is a serious wake-up call, particularly to the travel industry.”
The airline admitted “criminal activity” had compromised the personal and financial details of customers who made bookings on its website or app from just before 11pm on Aug 21 until 9.45pm on Wednesday.
BA confirmed yesterday that hackers had obtained names, addresses, credit card numbers, expiry dates and the three-digit security codes on the backs of cards, enough for them to make fraudulent payments.
Furious British Airways customers have been left having to cancel their credit cards, with many reporting they had money taken from their accounts and rogue direct debits set up in their names.
Alex Cruz, British Airway’s chairman, revealed the hackers were “very sophisticated criminals” who had not hacked the company’s encrypted data, but rather gained “illicit access” to the airline’s system.
This meant the breach went unnoticed for more than two weeks, he claimed.
BA has said all customers will be compensated for losses as a result of the hack.