BA probes theft of customers' financial details from website and mobile app
British Airways has notified the police after the theft of customer data from its website and mobile app.
The airline said the personal and financial details of customers who made bookings on its website or app from 10.58pm on August 21 until 9.45pm on September 5 had been compromised.
Around 380,000 payment cards were compromised.
BA said the stolen data did not include travel or passport details, adding that it was investigating the security breach as a matter of urgency.
The company said the breach had been resolved and the website was now working normally, and all customers affected by the breach had been contacted on Thursday night.
Alex Cruz, British Airways’ chairman and chief executive, said: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
The company said it is communicating with affected customers and advised anyone who believed they may have been affected to contact their banks or credit card providers.
The National Crime Agency said it was aware of the data breach affecting British Airways and was consulting with partners, including the National Cyber Security Centre, to assess the best course of action.
A spokesman for the Information Commissioner’s Office said they would be making inquiries about the data theft.
Alex Neill of Which? said: “British Airways customers will be concerned to hear about this data breach. It is now vital that the company moves quickly to ensure those affected get clear information about what has happened and what steps they should take to protect themselves.
“Anyone concerned they could be at risk of fraud should consider changing their online passwords, monitor bank and other online accounts and be wary of emails regarding the breach as scammers may try and take advantage of it.”