British Airways hacked – customer data and details of 380,000 card payments stolen

“We’ll take more care of you…?”

Graham Cluley

British Airways, which once liked to describe itself as “The World’s Favourite Airline”, is about to become a whole lot less popular with hundreds of thousands of its customers.

The airline has announced that hackers have stolen customers’ personal and payment card information from its website:

We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.

From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on our website and app were compromised.

The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.

We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.

Details are currently sparse, although BA spokespeople appear to have confirmed to the media that some 380,000 card payments were compromised in the breach of its website.

BA says that it has now resolved the vulnerability, and that it is safe for passengers to check in and book flights online. Customers are being advised to contact their banks for further advice.

It continues to investigate the incident and, one imagines, will be publishing more details about the serious security breach as they become available.

Quite frankly, with GDPR now in force, it won’t just be affected customers who are watching with interest how this incident plays out.

Readers with long memories may recall that this is not the first time that British Airways has suffered at the hands of hackers.

For more discussion of this issue, be sure to listen to this episode of the “Smashing Security” podcast:

Smashing Security #095: 'British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked'


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

One comment on “British Airways hacked – customer data and details of 380,000 card payments stolen”

  1. Steven Law

    They have a very poor password policy, nothing complex allowed, no special characters and quite short, I couldn’t get past creating a log on with more than 6 characters!
