British Airways is investigating, as a matter of urgency, the theft of customer data from its website, ba.com and the airline’s mobile app. The stolen data did not include travel or passport details.
From 22:58 on August 21 2018 until 21:45 September 5 2018, the personal and financial details of customers making bookings on ba.com and the airline’s app were compromised.
However, since the breach, BA have declared that the issue has been resolved and their website is working normally.
British Airways is communicating with affected customers and have advised any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice. The airline has notified the police and relevant authorities.
Alex Cruz, British Airways’ Chairman and Chief Executive said: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
British Airways will provide further updates when appropriate.
Following the news that British Airways has been affected by a data breach, Mark Adams, Regional Vice President of UK & Ireland at Veeam, commented: “While many will focus on the negative consequences of this data breach, the fact British Airways reported it so quickly is a positive. While it is unclear who is fully responsible for the detection of this security incident, the subsequent communications have been positive; many could learn from the handling of this.
“Unfortunately breaches can happen to any business and while BA remain on the backfoot to ensure this doesn’t happen again, it’s important to highlight why all businesses need to be far more proactive in managing data and systems, and getting security and monitoring of data right up front.
“To reduce the chances of breach complaints and payment of heavy fines, businesses have several steps they can take. First and foremost, work to deliver a company-wide employee training program on data protection and phishing attacks. Human-led errors are still the weakest link in the security chain for a business. No matter who you are or who you work for, this must be right. When the stakes are so high, employees have to be more aware of their actions.
“From a technology standpoint, implementing intelligent data management tools that can monitor, automatically spot irregularities and act accordingly is critical. Data collected by an organisation the scale of airline is vast; and they are a prime example of the type of business that needs to move from a policy-based mindset of security and data management to an automated, behaviour led approach that scan spot inaccuracies and obscure patterns in data usage. For organisations of any scale, the old school way of manually checking and monitoring is no longer sufficient, especially not for businesses of this size. And, while it’s near impossible to prevent all data leakage and data thefts, an intelligent data management approach, combined with a strong and versatile incident response process can help significantly reduce the complaints that naturally would follow.”