British Airways has launched an urgent investigation after it was hit by a major security breach.
Personal and financial data of nearly 400,000 customers was stolen from its website and mobile app, although BA stressed the data did not include travel or passport details.
The breach happened between August 21 and September 5 inclusive and targeted customers making bookings or changes to their bookings.
BA assured customers the breach has now been resolved and its website is working normally.
It has also notified the police and relevant authorities.
Chairman and chief executive Alex Cruz said: "We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers' data very seriously."
Customers who believe they have been affected should contact their bank or credit card provider and follow their recommended advice.
BA said it is contacting affected customers directly to advise them of what has happened and says they will be fully reimbursed for a credit checking service.
It is also advising passengers to reset their passwords for its website and to choose a unique password not used on other online accounts.
Speaking to BBC Breakfast, Cruz said it was a 'sophisticated, malicious criminal attack'.
He said it had been alerted to the attack by a 'partner'.
The airline has taken out adverts apologising for the breach in today's newspapers.
But some customers have complained that they have not been contacted by the airline and have only found out about the breach through the media.
Paul Farrington, head of EMEA at app security company CA Veracode, said it was shocking that it took 16 days to detect the breach.
He said IT issues are not only affecting BA but the wider airline industry.
"As airlines become ever more dependent on software, this creates a greater surface for hackers to attack and so it is no surprise that breaches of this scale are becoming commonplace," he said.
Shares in BA parent IAG were down almost 3% this morning.
Fiona Cincotta, senior market analyst at City Index, said the company was grappling with the aftermath.
"BA said that the attack was a sophisticated breach of its security system but this is the last in a series of IT problems the company has had this year including IT issues which caused flights in and out of Heathrow airport to be cancelled only six weeks ago," she said.
Courtesy of Travelmole
Details of the data breach were revealed on Thursday, when the airline announced it had been hit by the cyber attack that had compromised passenger details between August 21 and September 5.
Up to 380,000 passengers' details could have been compromised.
The Times reports legal firm SPG Law is seeking compensation on behalf of passengers.
The claim is on top of money the airline has already promised to pay out to compensate for financial loss, including money stolen from bank accounts and a 12-month credit-rating monitoring service for those affected.
The Times says the law firm claims BA should also pay for non-material damage. Each passenger should be able to claim £1,250, according to the lawyers. If all affected passengers were to claim, it would cost the airline £475 million.
Meanwhile, the Sunday Times reports a security expert who had worked at BA had claimed the hack was 'a disaster waiting to happen'.
Courtesy of Travelmole
Post a Reply
Please sign in or register an account to reply to this post.