British Airways is looking into a data theft incident that affected its website and app over a two-week period. The airline has advised affected customers to get in touch with their banks or credit card providers.
The breach involved around 380,000 payment cards, and the airline has reported the incident to the police. Fortunately, the stolen data didn’t include travel or passport details. The personal and financial details of customers who made bookings on ba.com or through the airline’s app between 22:58 BST on August 21, 2018, and 21:45 BST on September 5, 2018, were compromised. The issue has since been fixed, and the BA website is functioning normally again.
Upon discovering the breach, the airline quickly tried to assess its severity and determine which customers were affected. Immediate communication with affected customers began as soon as it was confirmed that their data had been compromised.
On Thursday night, all impacted customers were contacted. The breach only concerns those who purchased tickets during the specific period mentioned; customers who bought tickets at other times were not affected.
BA has stressed the importance of affected customers following instructions from their credit card or bank providers to manage the data breach. The airline could face significant fines if found negligent under new data protection regulations, with penalties potentially reaching up to 4% of global revenues, which for BA could mean up to £500m.