British Airways Website And App Hacked & 380K Customer’s Credit Card And Other Information Stolen

British Airways today announced that members that booked directly with British Airways using the website and app between August 21 and September 5, 2018 have had their personal and financial information compromised.

This data breach has affected approximately 380,000 customers based on the information BA has released to media. The financial information includes actual credit card numbers with expiry dates.

You can access BA’s page for this hack here.

Here’s the announcement from BA:

We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.

From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on our website and app were compromised.

The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.

We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.

What to do if you have been affected

If you believe you have been affected by this incident, then please contact your bank or credit card provider and follow their recommended advice. Please check back here for further updates, we will be updating this page.

FAQs

How do I know if I have been affected?

This relates to customer bookings made from 22:58 BST August 21 2018 to 21:45 September 5 2018 inclusive. We will be contacting affected customers directly to advise them of what has happened and are advising them to contact their banks or credit card providers and follow their recommended advice.

Will there be any compensation?

We take the protection of our customers’ data seriously, and are very sorry for the concern that this criminal activity has caused. We will continue to keep our customers updated with the very latest information. We will be contacting customers and will manage any claims on an individual basis.

What data has been lost?

The personal and financial details of customers making bookings on ba.com and the airline’s mobile app were compromised. No passport or travel details were stolen.

How do I reset my ba.com password?

Click the Forgotten Pin/Password link on the top right-hand corner of the ba.com homepage.

We recommend you choose a unique password that you do not use for any other online account.

Should I call my bank or cancel my credit cards?

We recommend you contact your bank and follow their recommended advice.

What shall I do if I am due to travel today?

The incident has been resolved and all systems are working normally so customers due to travel can check-in online as normal.

Will I still be able to check in?

Yes, all customers booked on our flights will be able to check in as normal.

Will this affect any future bookings?

The incident has been resolved and ba.com is working normally so future bookings will not be affected.

Here’s the email that BA just sent to affected passengers:

Here’s an email that BA sent on May 23:

Personal data including credit card numbers doesn’t seem to be in safe hands with British Airways after all….

Conclusion

This is very serious breach. The hackers were able to get all the account information including password and credit card number(s). Seems that the data is not properly safeguarded and hashed by BA.

If you made purchases with BA during the affected dates, you should go and change your password NOW and also closely monitor your credit card activity for any unauthorized charges..