LONDON, Sept. 7 (Reuters) – British Airways was forced to apologize on Friday after the credit card details of hundreds of thousands of customers were stolen during a Two weeks period in the worst attack on your website and application.
The airline discovered on Wednesday that reservations made between August 21 and September 5 had been infiltrated in a “very sophisticated and malicious criminal” attack, said BA President and CEO Alex Cruz . He immediately contacted customers when the extent of the violation became apparent.
According to the airline, around 380,000 card payments were compromised, with hackers obtaining names, streets and email addresses, credit card numbers, expiration dates and security codes: enough information to steal accounts.
The attack came 15 months after the carrier suffered a massive failure of the computer system at London’s Heathrow airport, which left 75,000 stranded customers stranded during a holiday weekend.
Shares of BA’s parent company, International Airlines Group, fell 3 percent on early offers on Friday.
Cruz said the operator was “deeply sorry” for the disruption caused by the sophisticated crime, which was unprecedented in the more than 20 years that BA had operated online.
He said the attackers had not broken the airline‘s encryption, but they did not explain exactly how they had obtained the customer’s information.
“There were other methods, very sophisticated efforts, by the criminals in obtaining the data,” he told BBC radio.
“It was to have access to our systems illegally, it was very sophisticated”
British Airways informed customers affected by the attack on Thursday, Cruz said. He advised them to contact their bank or credit card provider and follow their recommended advice. He also took out advertisements in national newspapers on Friday.
Cruz said that anyone who lost money financially would be compensated by the airline.
“The moment we discovered that the real customer data had been compromised, it was when we started a full immediate communication to our customers, that was the priority,” he said.
Data security expert Trevor Reschke said that, like any website that sees large volumes of card transactions, British Airways was a mature target for hackers.
“Now it’s a race between British Airways and the underground criminal,” said Reschke, head of threat intelligence at Trusted Knight.
“One will be finding out which letters have been compromised and warning the victims, while the other will try to abuse them while they are still fresh.”
IAG said that the data breach had been resolved and that the website was functioning normally, and that no passport or travel data was stolen.
The airline had initiated an investigation and notified the police and other relevant authorities.
After the computer system failure in May 2017, BA said it would take steps to ensure that such an incident never happened again, but in July it was forced to cancel and delay flights from the same airport due to problems with the IT systems of a provider.