View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 7, 2018

BA Hacked: Payment and Personal Details Stolen

Breach occurred on August 21, lasted until September 5

By CBR Staff Writer

British Airways (BA) has been hacked, with personal and payment details of its customers stolen, the company reported late Thursday.

An estimated 380,000 customers who made bookings over a two-week period between August 21 and September 5 are affected.

In a public announcement this morning, the airline posted: “We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.”

The company added: “From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings and changes on our website and app were compromised. The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.”

BA Hacked: Airline Pledges Reimbursements

BA said: “If you believe you have been affected by this incident, then please contact your bank or credit card provider and follow their recommended advice. Please check back here for further updates, we will be updating this page.”

Ilia Kolochenko, CEO of web security company, High-Tech Bridge, said in an emailed statement: “It is too early to make any definitive conclusions prior to a holistic technical investigation of the breach and its origins.”

“Shadow IT and legacy applications are a plague of today. Large organizations have so many intertwined websites, web services and mobile apps that they often forget about considerable part of them. On the other side, cybercriminals are very proactive, and as soon as a new vulnerability is discovered in a popular CMS they start exploiting it in the wild. Obviously, abandoned systems remain unpatched for years and serve a perfect prey to the attackers.”

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

“Web applications are the Achilles’ heel of modern companies and organizations. Lawmakers make their lives even more complicated, as for example with GDPR, many organizations had to temporarily give up their practical cybersecurity and concentrate all their efforts on paper-based compliance. New cybersecurity regulations may do more harm than benefit for the society if improperly imposed or implemented.”

BA added: “Every customer affected will be fully reimbursed and we will pay for a credit checking service. We take the protection of our customers’ data seriously, and are very sorry for the concern that this criminal activity has caused” BA said.

To be updated.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.