British Airways was forced to apologise on Friday after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the worst ever attack on its website and app.
BA chairman and chief executive Alex Cruz said in London the airline discovered on Sept. 5 that bookings made between Aug. 21 and Sept. 5 had been infiltrated in a “very sophisticated, malicious criminal” attack.
Cruz said the airline immediately contacted customers when the extent of the breach became clear.
He said around 380,000 card payments were compromised, with hackers obtaining names, street and email addresses, credit card numbers, expiry dates and security codes – sufficient information to steal from accounts.
The attack came 15 months after the carrier suffered a massive computer system failure at London’s Heathrow airport, which stranded 75,000 customers over a holiday weekend.
Shares in BA’s parent, International Airlines Group, fell 3 per cent in early deals on Friday due to the attack.
Cruz said the carrier was “deeply sorry” for the disruption caused by the sophisticated crime, which was unprecedented in the more than 20 years that BA had operated online.
He said the attackers had not broken the airline’s encryption but did not explain exactly how they had obtained the customer information.
“There were other methods, very sophisticated efforts, by criminals in obtaining the data,” he said.
“It was having access to our systems in an illicit way, it was very sophisticated.”
Cruz said the British Airways informed customers affected by the attack on Thursday and advised them to contact their bank or credit card provider and follow their recommended advice.
It also took out ads in national newspapers on Friday.
Cruz said anyone who lost out financially would be compensated by the airline.
The airline had launched an investigation and notified police and other relevant authorities.