Skip to main content

British Airways was forced to apologize on Friday after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the worst ever attack on its website and app.

The airline discovered on Wednesday that bookings made between Aug. 21 and Sept. 5 had been infiltrated in a “very sophisticated, malicious criminal” attack, BA Chairman and Chief Executive Alex Cruz said. It immediately contacted customers when the extent of the breach became clear.

Around 380,000 card payments were compromised, the airline said, with hackers obtaining names, street and email addresses, credit card numbers, expiry dates and security codes - sufficient information to steal from accounts.

Story continues below advertisement

The attack came 15 months after the carrier suffered a massive computer system failure at London’s Heathrow airport, which stranded 75,000 customers over a holiday weekend.

Shares in BA’s parent, International Airlines Group <ICAG.L>, fell 3 percent in early deals on Friday.

Cruz said the carrier was “deeply sorry” for the disruption caused by the sophisticated crime, which was unprecedented in the more than 20 years that BA had operated online.

He said the attackers had not broken the airline’s encryption but did not explain exactly how they had obtained the customer information.

“There were other methods, very sophisticated efforts, by criminals in obtaining the data,” he told BBC radio.

“It was having access to our systems in an illicit way, it was very sophisticated.”

British Airways informed customers affected by the attack on Thursday, Cruz said. It advised them to contact their bank or credit card provider and follow their recommended advice. It also took out ads in national newspapers on Friday.

Story continues below advertisement

Financial and personal data has been stolen from potentially hundreds of thousands of British Airways customers who booked online in recent weeks, extending a run of embarrassing technological mishaps suffered by the U.K. flag carrier. Reuters

COMPENSATION

Cruz said anyone who lost out financially would be compensated by the airline.

“The moment we found out that actual customer data had been compromised that’s when we began an all-out immediate communication to our customers, that was the priority,” he said.

Data security expert Trevor Reschke said that like any website which sees large volumes of card transactions, British Airways was a ripe target for hackers.

“It is now a race between British Airways and the criminal underground,” said Reschke, head of threat intelligence at Trusted Knight.

“One will be figuring out which cards have been compromised and alerting victims, whilst the other will be trying to abuse them while they are still fresh.”

Story continues below advertisement

IAG said the data breach had been resolved and the website was working normally, and that no travel or passport details were stolen.

The airline had launched an investigation and notified police and other relevant authorities.

After the computer system failure in May 2017, BA said it would take steps to ensure such an incident never happened again, but in July it was forced to cancel and delay flights out of the same airport due to problems with a supplier’s IT systems.

This content appears as provided to The Globe by the originating wire service. It has not been edited by Globe staff.

Report an error
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter