LONDON: British Airways said that the personal and financial details of customers making bookings between August 21 and September 5 had been stolen in a data breach involving 380,000 bank cards.
The almost two week long hack did not involve travel or passport details, the airline said, adding that it had launched an urgent investigation into the theft of customer data.
“The personal and financial details of customers making bookings on our website and app were compromised,” it said. “The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.”
BA said the breach took place between 2158 GMT on August 21 and 2045 GMT on September 5 and that around 380,000 payment cards were compromised.
BA advised anyone who believed they may have been affected to contact their bank or credit card provider and follow their recommendations.
In terms of compensation, BA said they would be in touch with customers “and will manage any claims on an individual basis.”
“We are deeply sorry for the disruption that this criminal activity has caused,” the airline said.
It said customers due to travel could check in online as normal as the incident had been resolved.
BA customer Daniel Willis, 34, who booked a flight on Monday with the airline, said he had not been contacted by the airline despite being affected by the data breach.
“I’ve not heard anything from them on this and I’ve just had to cancel the card I used. They’re a shambles,” he told the Daily Telegraph newspaper.
Another BA customer, Stephanie Jowers, said she contacted the airline hours before the hack was announced to query a suspicious charge on her account but was not informed it could have been compromised.