British Airways was hacked, customer personal and payment card information of 380,000 were stolen by attackers, the stolen data did not include travel or passport details.
The company published a data breach notification on its website, the security breach affected customers making bookings on its website and app from 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive.
British Airways has launched an internal investigation and notified the police and relevant authorities.
“We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.” reads the data breach notification.
“From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on our website and app were compromised.”
The airline confirmed that the breach has been resolved and its services are now working normally. British Airways is communicating with affected customers and is recommending customers who believe they may have been affected by the breach to contact their banks or credit card providers.
A spokesperson told the TechCrunch website that “around 380,000 card payments” were stolen.
“We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.” said Alex Cruz, British Airways’ chairman and chief executive.
Privacy advocated and security experts believe the company could face severe fines due to the new European GDPR data protection laws.
In March 2015, British Airways Executive Club member accounts were hacked, it wasn’t a data breach because hackers used credentials available in the underground.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.