British Airways Hacked – 380,000 Payment Cards Compromised

Posted by & filed under Security Alerts.

British Airways, who describes itself as “The World’s Favorite Airline,” has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks.

In a statement released by British Airways on Thursday, customers booking flights on its website (ba.com) and British Airways mobile app between late 21 August and 5 September were compromised. The airline advised customers who made bookings during that 15 days period and believe they may have been affected by this incident to “contact their banks or credit card providers and follow their recommended advice.”

British Airways stated on its Twitter account that personal details stolen in the breach included their customers’ names and addresses, along with their financial information, but the company assured its customers that the hackers did not get away with their passport numbers or travel details.

The company also said that saved cards on its website and mobile app are not compromised in the breach. Only cards that have been used by you to make booking payments during the affected period are stolen.

“We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app,” the company said in a statement. “The stolen data did not include travel or passport details.”

Although the statement released by the did not mention the number of affected customers, the company’s spokesperson confirmed to the media that some 380,000 payment cards were compromised in the breach. Also currently, it is not clear how the data breach occurred, but some media outlets are reporting that the breach was identified when “a third party noticed some unusual activity” and informed the company about it.

A spokesperson from British Airways confirmed The Hacker News that “this is data theft, rather than a breach,” which suggests someone with privileged access to the data might have stolen it.

British Airways also informed the police and the Information Commissioner and currently reaching out to affected customers directly. However, the company assured its customers that the security breach has now been resolved, and its website is working normally and is now safe for passengers to check-in online, and book flights online.

The National Crime Agency is aware of the British Airways data breach and is “working with partners to assess the best course of action.”

Air Canada also suffered a severe data breach late last month, which, along with personal data, also exposed passport number and other passport and travel details of about 20,000 mobile app customers.

 

The information contained in this website is for general information purposes only. The information is gathered from The Hacker News while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.