British Airways says it is “investigating, as a matter of urgency, the theft of customer data from our website and our mobile app,” after it found a breach that exposed financial information over a two-week period.
“The stolen data did not include travel or passport details,” the airline said on a special web page for people affected by the attack. But hackers were able to access customers’ names, email addresses and credit card information, according to law enforcement authorities in the U.K.
British Airways promises to reimburse any customer who loses money due to the data breach. Its CEO, Alex Cruz, tells the BBC, “We will compensate them for any financial hardship that they may have suffered.”
Cruz apologized for the exposure of data from some 380,000 transactions that took place over a roughly two-week period from Aug. 21 to Sept. 5. British Airways is contacting customers who were affected, recommending that they get in touch with their bank or credit card company.
British Airways says the problem has been fixed and that its systems are no longer affected by the cyberattack. The airline says it’s working with authorities to investigate the data exposure.
The National Cyber Security Center, which is part of Britain’s GCHQ security and intelligence agency, says British Airways’ recent customers should consider changing their passwords for bank and credit accounts, and monitor their accounts for any suspicious transactions.
News of the data breach follows a string of IT and technical problems for the carrier.
“In July, British Airways cancelled dozens of flights in and out of London’s Heathrow airport, affecting thousands of passengers,” NPR’s Frank Langfitt reports from London. “That problem began when a fire alarm forced the closure of the control tower, and then an IT problem caused more disruption for BA and other carriers.”
In May 2017, the airline was hit by a “major IT systems failure” that brought its operations to a grinding halt in the U.K. and stranded tens of thousands of passengers over the course of several days.
In August 2017, British Airways apologized for more delays, after passengers had to be checked in by hand due to “an information technology-related check-in system problem.”
In a brief statement about the recent data breach, the office of U.K. Information Commissioner Elizabeth Denham said, “British Airways has made us aware of an incident and we are making inquiries.”