British Airways customers are having to cancel their credit cards after the airline suffered a 15-day data breach, compromising some 380,000 card payments.
The total number of payments could reach up to 400,000. BA confirmed that “criminal activity” had compromised customers’ names, addresses, credit card numbers, security codes and expiry dates – more than enough data to conduct fraud.
The hack, which has now been fixed, did not involve travel or passport details. BA has encouraged customers effected to travel as normal.
The airline’s chairman, Alex Cruz, said that the hackers were “very sophisticated criminals” who had gained access to BA’s system rather than infiltrating their encrypted data.
The breach had gone unnoticed for over two weeks – from 11pm on August 21 to September 5. BA stated they are investigating the breach “as a matter urgency.” The National Crime Agency and the National Cyber Security Centre are also reportedly investigating.
Speaking on BBC Radio 4’s Today program, Cruz vowed to refund any customers, stating: “We did it (contacted customers) as soon as we could. As of last night, all those affected have been contacted.
“It was a very sophisticated efforts by criminals. They got in having gained access to our systems in an illicit way. It was very sophisticated.
“In 20 years of running BA.com, we have never have we had a breach of this type.”
The airline took out full advert in British newspapers in an attempt to apologize. Despite their best efforts shares in BA’s parent group IAG slid three percent in the early London trading.
If you like this story, share it with a friend!