Hackers are always looking for new and profitable targets for their own malicious gains. So, it is quite natural that the world’s favorite airline is on their radar. Reportedly, British Airways has become a victim of a “worrying” and “astounding” data breach in which private and financial information of about 380,000 of the airline’s customers has been exposed to cybercriminals.
The breach occurred between 21 August and 5 September, and was publicly disclosed on Wednesday evening.
On Thursday, the airline released an official statement saying that customer data had been stolen from its mobile application servers and website and that the incident is currently being investigated.
“From 22:58 BST August 21, 2018, until 21:45 BST September 5, 2018, inclusive, the personal and financial details of customers making bookings on our website and app were compromised,” the statement said.
A British Airways spokesperson clarified that the company’s systems remained hacked for over two weeks. The data exposed to cybercriminals doesn’t include passport or travel information of the customers, but does include personal and financial data of those who booked travel through the airline’s website or mobile app during the abovementioned period.
We are investigating the theft of customer data from our website and our mobile app, as a matter of urgency. For more information, please click the following link: https://t.co/2dMgjw1p4r
— British Airways (@British_Airways) September 6, 2018
According to the chairman and CEO of British Airways, Alex Cruz, the affected customers will be contacted and urged to inform their financial service providers regarding the incident. Cruz also mentioned that all financial claims will be handled by the company on an individual basis. He described this incident as a ‘sophisticated, malicious criminal attack,’ and issued a statement apologizing for the inconvenience.
“We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
The company maintains that the affected systems have now been patched and the website is functioning properly. However, Google Chrome reports that only the main landing page of the website is secure while the Customer Data Theft notification webpage of British Airways isn’t working properly. Therefore, visitors must not provide sensitive information such as credit card data or passwords.
It is worth noting that the breach may cause problems not only for the airline and its customers but also for the banks that would need to manage the high number of incoming calls to “cancel credit cards.” Another concerning fact is that the stolen information can be used by hackers to make high-value purchases as well as to carry out fraud. According to James Lyne, SANS Institute’s head of research and development, it isn’t yet clear what type of ‘personal data’ is stolen.
This is not the first time that British Airways has become a victim of a cyber attack. Previously, the official Twitter account of the company was compromised and used to send out racist tweets. In another incident last year, a bug in the IT system of the airline caused a major outage and, as a result, all British Airways flights were canceled.