Airline hack hits 380,000 passengers
HACKERS have obtained the credit card details of some 380,000 British Airways travellers during a two-week data breach that has left them vulnerable to financial fraud.
The airline's CEO Alex Cruz said enough data was stolen to allow criminals to use credit card information for illicit purposes, and that police are investigating.
"We know that the information that has been stolen is name, address, email address, credit card information; that would be credit card number, expiration date and the three-letter code in the back of the credit card," he told the BBC.
He added that no passport data had been obtained in what he called a "very sophisticated, malicious criminal attack".
The airline advises people to contact their bank or credit card company if they used the British Airway website and mobile app to make or change a booking between 10.58pm London time on August 21 and 9.45pm London time on September 5.
The recommendation does not apply to customers who bought tickets or changed reservations outside those times.
Customers have voiced their outrage over the hack on Twitter.
"I was contacted via email at about 1.50am, so it was already too late. I cancelled my card this morning and I am in constant worry now. Plus I need to wait for at least a week to get a new one," one passenger wrote.
Another said: "Sorry isn't good enough … I'll be waiting to hear about the compensation".
The airline has promised to reimburse any financial losses suffered by customers directly because of the theft of this data.
Consumer advice website MoneySavingExpert says affected customers should first seek advice from their bank, then monitor bank and credit card statements closely for signs of possible fraudulent activity.
It also warns of possible "phishing scams" in which hackers would try to trick affected consumers into revealing personal information like pincodes or banking passwords.
Some angry travellers complained to Britain's Press Association that they had already noted bogus activity on credit cards that had been used to make British Airways bookings during the time when the breach was undetected.
The hack once again puts the spotlight on the strength of the IT systems at major companies as they expand their digital services.
British Airways experienced an IT-related crisis in May last year when roughly 75,000 passengers were stranded after the airline cancelled more than 700 flights over three days because of system problems.
Meanwhile, in the US< Delta Airlines said in April that payment-card information for several hundred thousand customers could have been exposed by a malware breach months earlier.
British Airways revealed the new hack yesterday and began notifying customers.
Britain's National Crime Agency says it is investigating.
Shares in BA's parent company, IAG, were down 3 per cent on Friday.