British Airways suffered a data breach to the point of personal and financial details of 380,000 customers ended up compromised.
There is no indication yet of how the breach happened. The police and relevant authorities have been notified.
“From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making or changing bookings on our website [ba.com] and [mobile] app were compromised,” the company said in a post. “The stolen data did not include travel or passport details.”
The company began notifying affected users directly and advising them to keep an eye on their bank accounts and to contact their banks or credit card providers and follow their recommended advice.
“Every customer affected will be fully reimbursed and we will pay for a credit checking service. We take the protection of our customers’ data seriously, and are very sorry for the concern that this criminal activity has caused. We will continue to keep our customers updated with the very latest information. We will be contacting customers and will manage any claims on an individual basis,” the company added.
As a precaution, customers could also reset their ba.com password and choose a new strong and unique one.
BA said “the incident has been resolved and all systems are working normally so customers due to travel can check-in online as normal.”
”Since the U.S. has enacted breach notification laws, businesses and consumers have been made acutely aware of the risks and brand damage that result from a cyberattack, but very little has been reported from Europe,” said Pravin Kothari, chief executive of CipherCloud. “Does that mean European businesses are more secure? Not necessarily. Now, thanks to GDPR, more European breaches will be made public. Unfortunately, even though technology has kept up with the latest attack methods and preventive solutions are available, it’s taken this kind of regulation to force awareness about the critical need to invest in security to protect your data.”
“With British Airway’s disclosure of hackers carrying out a malicious attack on its website and mobile app and Air Canada suffering a similar fate just last week, there’s nothing like a fresh wave of data breaches to drive home the importance of the security of customer data,” said Paul Bischoff, privacy advocate at Comparitech.com. “Somewhat encouraging is the admission that the BA attack did not compromise travel or passport details, but it has still had a knock-on effect to BA’s share prices, which have dropped 4 percent since the disclosure. It’s a stark reminder to companies that hold personal information on customers that hackers will come for them, the question is: Are they ready?”