British Airways issued a press release saying that the “personal and financial details” of customers that have used its website and mobile app to book travel have been stolen, but that this does not include travel details (itineraries) or passport information.
This all happened late Wednesday night London time,
From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on ba.com and the airline’s app were compromised.
The breach has been resolved and our website is working normally.
They say they’re reaching out to customers they believe have been affected, but that anyone worried about it should “contact their banks or credit card providers” and do whatever those companies suggest. In other words they have no suggestions and aren’t funding options at this time.
The CEO of British Airways, Alex Cruz, says they’re “deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.” But not seriously enough to invest in better security or cover credit monitoring or other assistance for customers whose financial and personal information was revealed, although perhaps that will come.
Travel providers, financial institutions, and retailers are subject to hacks all the time. Personal data isn’t safe, and that should make us skeptical of centralized databases of personal information regardless of who collects it.
And there’s not much we can do about it, pay for LifeLock? LifeLock is the company whose CEO published his social security number to demonstrate the power of his system and dared hackers to steal his identity. Which they promptly did. Thirteen times.
It seems to me British Airways ought to compensate affected members with miles, at least.
Thanks, Gary. We bought BA tickets yesterday and I’ll be contacting our credit card provider right away.
Question, will Alex Cruz wear a safety vest and film another apology video in front of a random computer?
The good news is that the website and app errored out for 99% of prospective customers before they could input their personal information.
Would pertinent financial information have been lost if AMEX Checkout (and others like it) was an option? I’ve noticed on other sites a different credit card number is used whenever I used the branded online payment system.
whatever everything is on the web anyway…
Booked a BA ticket day prior to the 5th. Called my credit card to cancel it and get a new card. Called BA customer service about this fiasco, it was a India call center not able to, surprise, understand much of anything. So I will call BA’s corporate office in UK and mention ‘class action’. BA says it will contact affected people, but I’m not holding my breath. Compensation is something that I will demand from them, if only miles. Idiots.
Is Iberia impacted also?
As I posted above, we had bought BA tickets on their website right at the end of the period in question.
After reading about it here, I called Chase yesterday and the rep hadn’t even heard about it (maybe they should subscribe to the blog). We finally got an email last night from BA (obviously caught a little flat-footed) and they are obviously taking it seriously. It’s prominent on their website.
https://www.britishairways.com/en-us/information/incident/data-theft/latest-information
I called Chase back today to request them to cancel the card in question and issue us a new one. They did that without argument.
It’s now getting a fair amount of media coverage.
https://www.bbc.com/news/uk-england-london-45440850
Thanks again, Gary, for your scoop on this.
I was affected and don’t know what to do! Leaving for a trip this weekend and am frustrated that I have to worry about this! Thoughts or suggestions????
I just sent a note to their security area as directed in the email.