British Airways hacked – customer data and details of 380,000 card payments stolen

“We’ll take more care of you…?”

Graham Cluley
Graham Cluley
@[email protected]

British Airways hacked - customer data and details of 380,000 card payments stolen

British Airways, which once liked to describe itself as “The World’s Favourite Airline”, is about to become a whole lot less popular with hundreds of thousands of its customers.

The airline has announced that hackers have stolen customers’ personal and payment card information from its website:

We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.

From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on our website and app were compromised.

The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.

We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.

Details are currently sparse, although BA spokespeople appear to have confirmed to the media that some 380,000 card payments were compromised in the breach of its website.

Sign up to our free newsletter.
Security news, advice, and tips.

BA says that it has now resolved the vulnerability, and that it is safe for passengers to check-in online, and book flights online. Customers are being advised to contact their banks for further advice.

It continues to investigate the incident, and one imagines will be publishing more details about the serious security breach as it becomes available.

Quite frankly, with GDPR now in force, it won’t just be affected customers who are watching with interest how this incident plays out.

Readers with long memories may recall that this is not the first time that British Airways has suffered at the hands of hackers.

For more discussion of this issue, be sure to listen to this episode of the “Smashing Security” podcast:

Smashing Security #095: 'British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “British Airways hacked – customer data and details of 380,000 card payments stolen”

  1. Steven Law

    They have a very poor password policy, nothing complex allowed, no special characters and quite short, I couldn’t get passed creating a log on with more than 6 characters!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.