Investigation after hack
British Airways launches probe into customer data theft
BA has notified the authorities over the breach (pic: BA)
British Airways is investigating the theft of customer data from hundreds of thousands of customers from its website and mobile app.
The airline said personal and financial details of customers making bookings had been compromised by the hack which continued for almost two weeks.
About 380,000 transactions were affected in the raid between 21 August and 5 September. Information stolen included customer names, email addresses, home addresses and payment card information – but not travel or passport details.
In a statement BA said: “The breach has been resolved and our website is working normally.
“We have notified the police and relevant authorities. We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
BA said all customers affected by the breach had been contacted on Thursday night. Under GDPR rules, companies must inform regulators within 72 hours of becoming aware of a data breach.
The airline added that anyone who believed they might have been affected should contact their bank or credit card provider and follow their recommendations.
Alex Cruz, British Airways’ chairman and chief executive, said: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
The National Crime Agency and National Cyber Security Centre confirmed they are assessing the incident.
Consumer group Which? said people concerned they could be at risk should consider changing their online passwords, monitor bank and other online accounts and be wary that fraudsters may refer to the breach in scam emails.
In July, BA apologised after an IT failures caused a number of flights through Heathrow to be cancelled.