British Airways has been forced to issue a grovelling apology – and has rushed out full-page press ads in today’s newspapers – after admitting its website has been hit by a major data breach which lasted nearly a fortnight before being spotted.
The airline said the personal data of at least 380,000 customers had been compromised in the incident, with payment card information, customer names, email addresses, and home addresses affected but not travel or passport details.
It said customers using BA.com and its mobile app for flight bookings were targeted by hackers between August 21 and September 5.
Unlike the recent Dixons Carphone attack, the incident falls under GDPR and opens up the prospect of a huge fine if the airline’s data security is found wanting. The Information Commissioner’s Office said it had been alerted to the hack but said its enquiries were at a very early stage.
When quizzed on why it took the airline nearly two weeks to discover its systems were under seige, chief executive Alex Cruz told the BBC that it “was a very sophisticated, criminal attack” and the first such incident in the 20 years since the site launched.
Cruz added: “We are absolutely committed to the integrity of the data of our customers. The important thing is that as soon as we found out that these records may have been compromised we began the communications process to all of our customers to alert them about this potential problem.”
The press ads, which are running across major UK titles, state: “We are deeply sorry for the disruption that this criminal activity has caused. At British Airways, we take the protection of our customers’ data very seriously. We will provide further updates when appropriate.”
Data breach complaints soar by 160% in three months
British Airways grounded as data privacy storm erupts
Superdrug has bad hair day as online data goes AWOL
Butlin’s customer holiday plans exposed in online raid
Dixons Carphone fesses up that 10m were hit by breach
Dixons Carphone and the £400m data breach question
Dixons Carphone pummelled as hackers strike again