After the credit card information of hundreds of thousands of its customers were compromised over a two-week period in the most serious attack on its website and app, British Airways expressed regret and apologised, according to a report in Reuters.
The airline learned last week that bookings made between Aug. 21 and Sept. 5 had been infiltrated in a “very sophisticated, malicious criminal” attack, BA chairman and chief executive Alex Cruz said. The company immediately contacted customers when the extent of the breach became clear, reported Reuters.
According to the airline, around 380,000 card payments were compromised, with hackers obtaining names, street and email addresses, credit card numbers, expiry dates and security codes – sufficient information to steal from accounts.
The attack came 15 months after the carrier suffered a massive computer system failure at London’s Heathrow airport, which stranded 75,000 customers over a holiday weekend.
Shares in BA’s parent, International Airlines Group, were down 2 percent in afternoon trading on Friday, said Reuters.
Cruz said the carrier was “deeply sorry” for the disruption caused by the attack which was unprecedented in the more than 20 years that BA had operated online.
He said the attackers had not broken the airline’s encryption but did not explain exactly how they had obtained the customer information.
“There were other methods, very sophisticated efforts, by criminals in obtaining the data,” he told BBC radio.
The country’s Information Commissioner’s Office said it had been alerted by BA and it was making enquiries. Under new GDPR data regulations companies must inform regulators of a cyber attack within 72 hours.
BA advised customers to contact their bank or credit card provider and follow their recommended advice. It also took out ads in national newspapers on Friday.
Cruz said anyone who lost out financially would be compensated by the airline.
After the computer system failure in May 2017, BA said it would take steps to ensure such an incident never happened again, but in July it was forced to cancel and delay flights out of the same airport due to problems with a supplier’s IT systems, according to the Reuters report.