BA apologises after customers hit in cyber attack

World
Europe

British Airways apologized on Friday after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the most severe attack on its website and app.

The airline discovered on Wednesday that bookings made between August 21 and September 5 had been infiltrated in a "very sophisticated, malicious criminal" attack, BA Chairman and Chief Executive Alex Cruz said. It immediately contacted customers when the extent of the breach became clear.

Around 380,000 card payments were compromised, the airline said, with hackers obtaining names, street and email addresses, credit card numbers, expiry dates and security codes - sufficient information to steal from accounts.

The attack came 15 months after the carrier suffered a massive computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend.

Shares in BA's parent, International Airlines Group (ICAG.L), were down two percent in afternoon trading on Friday.

Cruz said the carrier was "deeply sorry" for the disruption caused by the attack which was unprecedented in the more than 20 years that BA had operated online.

He said the attackers had not broken the airline’s encryption but did not explain exactly how they had obtained the customer information.

"There were other methods, very sophisticated efforts, by criminals in obtaining the data," he told BBC radio.

IT security company Avast said that based on the limited information available the attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen.

"Quite often, when it’s just a hack of a database somewhere it is hard to identify when something has been compromised," Avast's consumer security expert Pete Turner said.

"This feels much more like a transaction-type attack, where data is moving about within the system."

Source(s): Reuters