Massive British Airways Data Breach Could Result in £500m Fine
British Airways could face a fine of up to £500m after a “massive” breach of customers’ personal data
The airline is thought to have leaked information on 38,000 customers who have used its online booking system.
Crucially, this breach has compromised payment data -- which means customers are having to go through the inconvenience of cancelling payment cards that they’ve used to book flights with the firm. This is a relatively rare occurrence; we see data breaches almost every week, but most thankfully don’t include card information.
But in the BA attack, hackers obtained names, addresses, card numbers, expiry dates, and CVV numbers -- theoretically opening up customers to attack.
Security experts believe that the hack may have been a supply chain attack.
Who is Affected By the British Airways Hack?
British Airways says that the card details obtained relate to transactions in a relatively small period of time, and only relate to transactions on its own website or app.
It says if you booked a flight between 21:58 BST (+0100) on 21st August and 21:45 BST on 5th September, your details are included in the breached database.
Customers who changed bookings within that time window are also included in the breach, but those who booked through travel agents are not affected.
The company sent an email to affected customers on Friday 7th September. But many customers found out from news reports in the preceding days.
What Happens Next for BA?
The Information Commissioner has the power to fine BA around £17 million, or 4% of its global turnover, whichever is higher. At the same time, its parent company, International Airlines Group, has seen a 3% dip in its share value.
Banks are said to be reporting a high volume of calls as frantic customers call to check their accounts and order new cards.
What Should BA Customers Do Now?
If you’ve booked a flight with British Airways and you’re likely to be affected, you should have received an email from the company with more details. Unfortunately, a hack like this poses a relatively high risk of card fraud, identity theft, or phishing attacks, so it’s important to be vigilant. Once these kinds of details are obtained, they tend to be bought and sold on the dark web or among hacking groups, meaning that they could be used for fraudulent purchases any time.
All credit or debit cards used with British Airways should be cancelled as soon as possible, and you should flag up suspicious transactions immediately with your bank.
British Airways chiefs have promised to compensate customers for the inconvenience in the form of a full refund for fraudulent transactions, plus a free 12-month subscription to a credit report monitoring service.
Concerned customers can check the latest news on the hack on this official British Airways page. It says that flights and bookings will not be affected.