British Airways has apologised after the personal and financial information of more than 380,000 customers was compromised in a “sophisticated, malicious criminal attack”.
The airline said the breach occurred between 22:58 BST on 21 August and 21:45 BST on 5 September, and only affects customers who bought tickets during that period.
BA’s CEO, Alex Cruz, said: “At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data.”
He continued: “The moment that actual customer data had been compromised, that’s when we began immediate communication to our customers”, but it seems that many found out via news outlets first.
Twitter users were quick to vent their frustration.
Furious @British_Airways Found out re data breach from news, before you had the decency to tell me yourself I was likely affected. I’m travelling alone in Vietnam & have had to put stop on the card, which makes me vulnerable & I’m now spending precious hol time trying to resolve
— Michelle Dewberry (@MichelleDewbs) September 7, 2018
The airline has taken out adverts in Friday’s newspapers apologising for the breach, and has contacted the police and relevant authorities, including, I assume, the ICO.
Shares in BA’s owner IAG fell by 3.1% in early trade on Friday.