BA apologises after 380,000 customers hit in cyber attack

Hackers obtained names, street and email addresses, credit card numbers, expiry dates and security codes

British Airways has apologised after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the most serious attack on its website and app.

The airline discovered last week that bookings made between 21 August and 5 September had been infiltrated in a "very sophisticated, malicious criminal" attack, BA chairman and CEO Alex Cruz said.

It immediately contacted customers when the extent of the breach became clear.

Around 380,000 card payments were compromised, the airline said, with hackers obtaining names, street and email addresses, credit card numbers, expiry dates and security codes - sufficient information to steal from accounts.

The attack came 15 months after the carrier suffered a massive computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend.

Shares in BA's parent, International Airlines Group, were down two per cent in afternoon trading on Friday.

Cruz said the carrier was "deeply sorry" for the disruption caused by the attack, which was unprecedented in the more than 20 years that BA had operated online. He said the attackers had not broken the airline's encryption but did not explain exactly how they had obtained the customer information.

"There were other methods, very sophisticated efforts, by criminals in obtaining the data," he told BBC radio.

IT security company Avast said that, based on the limited information available, the attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen.

"Quite often, when it's just a hack of a database somewhere it is hard to identify when something has been compromised," Avast's consumer security expert Pete Turner said. "This feels much more like a transaction-type attack, where data is moving about within the system."

Compensation

Britain's government said authorities including the National Cyber Security Centre and the National Crime Agency, part of the country's police, were piecing together what happened.

"Specialist officers from the NCA's National Cyber Crime Unit are managing the ongoing investigation and are on site working with BA to gain a better understanding of the incident," the NCA said.

The country's Information Commissioner's Office said it had been alerted by BA and was making enquiries. Under new GDPR data regulations, companies must inform regulators of a cyber attack within 72 hours.

BA advised customers to contact their bank or credit card provider and follow their recommended advice - it also took out ads in national newspapers on Friday.

Cruz said anyone who lost out financially would be compensated by the airline.

Data security expert Trevor Reschke said that like any website which sees large volumes of card transactions, BA was a ripe target for hackers.

"It is now a race between British Airways and the criminal underground," said Reschke, head of threat intelligence at Trusted Knight. "One will be figuring out which cards have been compromised and alerting victims, whilst the other will be trying to abuse them while they are still fresh."

NatWest, one of Britain's biggest card issuers, said it was receiving higher-than-usual call volumes because of the breach.

It said in a recorded message that its security systems would likely stop any fraud as a result of the hack but anyone affected should look out for unusual activity on their accounts.

Meanwhile, American Express said clients did not need to take any action and the company would alert anyone with unusual activity on their cards.

IAG said the data breach had been resolved and the website was working normally, and that no travel or passport details were stolen.

After the computer system failure in May 2017, BA said it would take steps to ensure such an incident never happened again, but in July it was forced to cancel and delay flights out of the same airport due to problems with a supplier's IT systems.

(Reporting by Paul Sandle and James Davey in London and Sangameswaran S and Rama Venkat Raman in Bengaluru; Editing by Keith Weir and Louise Heavens)

