British Airways apologizes after 380,000 customers hit
in cyber attack
Send a link to a friend
 [September 07, 2018]
By Paul Sandle
LONDON (Reuters) - British Airways was forced to apologize on Friday
after the credit card details of hundreds of thousands of its customers
were stolen over a two-week period in the worst ever attack on its
website and app.
The airline discovered on Wednesday that bookings made between Aug. 21
and Sept. 5 had been infiltrated in a "very sophisticated, malicious
criminal" attack, BA Chairman and Chief Executive Alex Cruz said. It
immediately contacted customers when the extent of the breach became
clear.
Around 380,000 card payments were compromised, the airline said, with
hackers obtaining names, street and email addresses, credit card
numbers, expiry dates and security codes - sufficient information to
steal from accounts.
The attack came 15 months after the carrier suffered a massive computer
system failure at London's Heathrow airport, which stranded 75,000
customers over a holiday weekend.
Shares in BA's parent, International Airlines Group <ICAG.L>, fell 3
percent in early deals on Friday.
Cruz said the carrier was "deeply sorry" for the disruption caused by
the sophisticated crime, which was unprecedented in the more than 20
years that BA had operated online.
He said the attackers had not broken the airline's encryption but did
not explain exactly how they had obtained the customer information.
"There were other methods, very sophisticated efforts, by criminals in
obtaining the data," he told BBC radio.
"It was having access to our systems in an illicit way, it was very
sophisticated."
British Airways informed customers affected by the attack on Thursday,
Cruz said. It advised them to contact their bank or credit card provider
and follow their recommended advice. It also took out ads in national
newspapers on Friday.
[to top of second column] |
Commuters pass a British Airways advert on the tube at Canary Wharf
station in London, Britain September 7, 2018. REUTERS/Kevin Coombs
COMPENSATION
Cruz said anyone who lost out financially would be compensated by the airline.
"The moment we found out that actual customer data had been compromised that's
when we began an all-out immediate communication to our customers, that was the
priority," he said.
Data security expert Trevor Reschke said that like any website which sees large
volumes of card transactions, British Airways was a ripe target for hackers.
"It is now a race between British Airways and the criminal underground," said
Reschke, head of threat intelligence at Trusted Knight.
"One will be figuring out which cards have been compromised and alerting
victims, whilst the other will be trying to abuse them while they are still
fresh."
IAG said the data breach had been resolved and the website was working normally,
and that no travel or passport details were stolen.
The airline had launched an investigation and notified police and other relevant
authorities.
After the computer system failure in May 2017, BA said it would take steps to
ensure such an incident never happened again, but in July it was forced to
cancel and delay flights out of the same airport due to problems with a
supplier's IT systems.
(Reporting by Paul Sandle and James Davey in London and Sangameswaran S and Rama
Venkat Raman in Bengaluru; Editing by Keith Weir)
[© 2018 Thomson Reuters. All rights
reserved.] Copyright 2018 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
