British Airways recently announced a major data breach of their online and app-based platforms. The company stated: “We are investigating, as a matter of urgency, the theft of customer data between 22:58 BST August 21, 2018, until 21:45 BST September 5, 2018, from our website, ba.com, and our mobile app. The stolen data included personal and financial details of customers making bookings and changes on ba.com and the airline’s app. The data did not include travel or passport details.
The theft has been reported to the authorities and our website is now working normally.”
What can people do if they think they’ve been a victim of this BA ‘hack’? BA asks customers to check their bank accounts and contact their banks if there is a fraudulent transaction due to the disruption.
The ICO have been made aware: “An ICO spokesperson said: ‘British Airways has made us aware of an incident and we are making enquiries’.”
The breach has affected nearly 380,000 customer booking transactions during the period under investigation in August and September 2018. No passport or ID-based data was breached. Analysts believe the company was a victim of a Magecart scam that targets entry forms for credit card payments. The investigation is on-going.