British Airways has announced that it has been the victim of a hacker attack that exposed the personal and financial details of its customers.
According to the details known so far, hackers managed to gather details from the British Airways website and app for two weeks. The company's reaction appears to have been pretty fast and reasonable, mostly due to the fact that GDPR has come into effect.
According to British Airways, the stolen details did not contain travel or passport details, but the company is advising its customers to cancel their cards, or at least contact their bank, and to change their BA.com passwords.
The report suggests that over 380,000 transactions were affected over a period of 16 days, which is quite a number but not that surprising considering that we are looking at British Airways.
“From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making or changing bookings on our website and app were compromised. The breach has been resolved and our website is working normally. We have notified the police and relevant authorities,” said the note on the British Airways website.
Alex Cruz, CEO of British Airways, has apologized to customers, and the company is doing everything it can to fix the problem, including compensating customers who were financially affected by this attack.
“We are 100% committed to compensate them, period. We are committed to working with any customer who may have been financially affected by this attack, and we will compensate them for any financial hardship that they may have suffered,” Alex Cruz noted in an interview with BBC.
“We’re extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app. We discovered that something had happened but we didn’t know what it was [on Wednesday evening]. So overnight, teams were trying to figure out the extent of the attack,” he added.
Unfortunately, there are no details on how hackers managed to bypass security on British Airways’s website and app, and there are no details on how the company managed to detect the breach after 16 days. Some reports suggest that it actually did not and was instead notified by a partner.
This is the biggest breach since GDPR came into effect. The company now has to show that it did everything it could to ensure that such a breach will not happen again, but it could still be hit by a big fine of up to 4 percent of global revenue, which could add up to £489 million.
The breach is currently under investigation by the Information Commissioner’s Office, the UK’s National Crime Agency and the National Cyber Security Centre.