- British Airways has been hit by a data attack that affected nearly 380,000 customers.
- Only customers who have transacted between August 21 to September 5 were said to be affected in this attack.
- The airline has promised financial compensation to those affected by the leak of financial information.
British Airways (BA) has suffered a massive data breach that has affected a large portion of its customers who have transacted using its mobile app or website between August 21 and September 5 for booking flights. The airliner admitted on its website that the personal and financial details of its customers were leaked in the hack but the information did not include any travel itinerary or passport information.
British Airways has assured customers that those who have suffered financially due to this event will be duly compensated but still urges them to contact their respective banks if they had transacted on ba.com or the mobile app between the aforementioned dates. The airline is working with the authorities and experts to ascertain how this attack happened. In a statement to the BBC, Chief Executive and Chairman of British Airways, Alex Cruz said that the hackers carried out a 'sophisticated, malicious criminal attack' on the BA website. He also added: "We're extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app. We discovered that something had happened but we didn't know what it was [on Wednesday evening]. So overnight, teams were trying to figure out the extent of the attack."
According to Cruz, the leaked information consisted of names, email addresses, and credit card information (including card number, expiration date, and the three-digit CVV code). While BA does not store CVV codes, experts believe that hackers could have intercepted card details rather than taking them from BA's database. It is not known if anyone has been directly impacted by this breach and although BA has promised to compensate for any loss, customers are rightfully paranoid.
A data breach of this scale will also have implications for BA's finances as regulators can impose fines under GDPR, which can go up to 4% of global annual revenue, for not ensuring the safety of customer data. BA is not new to IT goof-ups but this attack does impact the airline in a big way. The airline resumed normal ticketing operations soon after the incident.
Data breaches are becoming increasingly common as hackers try to force their way into secure systems for mining user data, often with malicious intent. Just yesterday, we reported about mSpy's database getting breached, which resulted in the exposure of sensitive customer information.
While the onus of protecting customer data rests with the enterprise concerned, users also need to be vigilant and employ safe practices such as using strong passwords or two-factor authentication, keeping systems up to date etc. to minimize the risks as much as possible.