Credit card details of around 380,000 British Airways customers were stolen over a two-week period in the worst ever attack on the airline’s website and app.
The airline discovered on Wednesday that bookings made between August 21 and September 5 had been infiltrated in a “very sophisticated, malicious criminal” attack, BA Chairman and Chief Executive Alex Cruz said, adding that customers were immediately contacted when the extent of the breach became clear.
The airline said customers’ card payments were compromised, with hackers obtaining names, street and email addresses, credit card numbers, expiry dates and security codes – sufficient information to steal from accounts.
The attack came 15 months after the carrier suffered a massive computer system failure at London’s Heathrow airport, which stranded 75,000 customers over a holiday weekend.
In an apology to customers on Friday, Cruz said British Airways was “deeply sorry” for the disruption caused by the sophisticated crime, which was unprecedented in the more than 20 years that BA had operated online.
He said the attackers had not broken the airline’s encryption but did not explain exactly how they had obtained the customer information.
“There were other methods, very sophisticated efforts, by criminals in obtaining the data,” he told BBC radio.
The airline said it notified affected customers on Thursday, advising them to contact their banks or credit card providers and follow their recommended advice. It also placed advertisements in national newspapers on Friday.
According to Cruz, anyone who lost out financially would be compensated by British Airways.