by Oliver Gill, Social, Olivia Rudgard and Religious Affairs Correspondent, The Telegraph, September 7, 2018
British Airways has launched an “urgent” investigation and notified police after hundreds of thousands of customers’ personal and financial details were stolen.
The airline said the hack continued for almost two weeks, between August 21 and September 5, with 380,000 payments compromised.
Stolen information did not include travel or passport details.
Customers who made bookings through ba.com or the airline’s app are being urged to contact banks and credit card providers.
Alex Cruz, British Airways' chairman and chief executive said: "We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers' data very seriously."
Customers raised concerns that the airline had not contacted them directly to tell them about the hack.
Daniel Willis, 34, from Milton Keynes who booked a flight on Monday with the airline, said: "I saw the tweet, that was the first I knew of it. This is my first involvement with BA since they left me stranded with my wife and 2-year-old daughter for a few days in Düsseldorf in December - again with no communication.
"I’ve not heard anything from them on this and I’ve just had to cancel the card I used. They’re a shambles."
Under GDPR rules, companies must inform regulators within 72 hours of becoming aware of a data breach.
"If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay," according to guidelines from the Information Commissioner’s Office (ICO), the independent regulator that upholds information rights in Britain.
The ICO said it had been alerted to the British Airways hack. A spokesman said it would be “making inquiries”, but declined to comment further given the airline’s investigations were “at a very early stage.”
The data breach is the latest in a string to hit the airline sector. Last week Air Canada confirmed a data breach affecting 20,000 customers. In July, Thomas Cook admitted names, emails and flight details had been accessed, although the travel and airline company insisted fewer than 100 bookings had been compromised.
In May, US airline Delta admitted to two breaches during September and October last year.
More to follow
This article was written by Oliver Gill, Social, Olivia Rudgard and Religious Affairs Correspondent from The Telegraph and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to [email protected].