Newsdeck

BA scrambles to address theft of passenger bank details

By AFP 7 September 2018
Caption
(FILE) - British Airways aircraft stand on their parking positions at Heathrow Airport in London, Britain, 29 May 2017 (reissued 06 September 2018). British Airways has announced that for two weeks from August 21 hackers stole personal and financial customer data from its website and mobile app. EPA-EFE/ANDY RAIN

British Airways will financially compensate customers whose data were stolen in a "sophisticated" and "malicious" hack, chief executive Alex Cruz said Friday as he apologised for the fiasco.

BA late Thursday revealed that personal and financial details of customers who booked flights on the group’s website and mobile phone app between August 21 and Wednesday had been stolen.

The revelation comes just a few months after the European Union tightened data protection laws.

“We’re extremely sorry for what has happened,” Cruz told the BBC on Friday.

“There was a very sophisticated, malicious, criminal attack on our website.”

BA took out full-page adverts in the UK newspapers on Friday to apologise to customers, while the share price of parent group IAG was down more than three percent in London deals.

“We are 100 percent committed to compensate them,” Cruz said.

“We will compensate them for any financial hardship that they may have suffered,” he told the broadcaster.

BA said it had launched an urgent investigation after realising that about 380,000 bank cards used to book its flights had been hacked.

The stolen data comprised customer names, postal addresses, email addresses and credit card information.

However the 15-day breach did not involve travel or passport details and has been fixed, the airline added.

 

 – Regulators investigate –

 

“The moment we found out (Wednesday) that actual customer data had been compromised, that’s when we began an all out immediate communication to our customers. That was our priority,” Cruz said.

However Enza Iannopollo, privacy and security analyst at advisory group Forrester, said BA could have done better on informing those affected.

“If the timeline is confirmed and BA became aware of the breach on the evening of September 5th, then they have done their breach notification on time, which is of course a good thing,” she said in a statement.

“However, customers are obviously not impressed about BA breach management at present. Some discovered it on social media, others reported wasting hours on the phone with their bank, everyone expects more from a company that truly cares about its customers.”

“Terrible handling of the situation,” tweeted one affected customer, Mat Thomas.

Iannopollo told AFP that it was too early to know whether BA would be fined over the affair.

“Regulators will assess the circumstances of this breach consistently with GDPR requirements,” she said referring to the EU’s General Data Protection Regulation that came into force in May.

Britain’s National Crime Agency said it was assessing the matter, while the UK’s data protection watchdog, the Information Commissioner’s Office, will make its own enquiries.

“The ICO will do its assessment and investigation to determine whether to levy a fine or impose any enforcement action, but this will take some time and it might be that the regulator determines that rules were not breached,” Iannopollo said.

About 1100 GMT, shares in IAG, which runs also Spanish carriers Iberia and Vueling as well as Irish airline Aer Lingus, were down 3.5 percent at 657.60 pence on London’s benchmark FTSE 100 index, down 0.8 percent overall.

“Today’s news is a reminder of just what a hot issue cyber security remains and the importance of companies having the right protections in place to mitigate the risk posed by attacks,” noted Russ Mould, investment director at AJ Bell. DM

Gallery

In other news...

South Africa is in a very real battle. A political fight where terms such as truth and democracy can seem more of a suggestion as opposed to a necessity.

On one side of the battle are those openly willing to undermine the sovereignty of a democratic society, completely disregarding the weight and power of the oaths declared when they took office. If their mission was to decrease society’s trust in government - mission accomplished.

And on the other side are those who believe in the ethos of a country whose constitution was once declared the most progressive in the world. The hope that truth, justice and accountability in politics, business and society is not simply fairy tale dust sprinkled in great electoral speeches; but rather a cause that needs to be intentionally acted upon every day.

However, it would be an offensive oversight not to acknowledge that right there on the front lines, alongside whistleblowers and civil society, stand the journalists. Armed with only their determination to inform society and defend the truth, caught in the crossfire of shots fired from both sides.

If you believe in supporting the cause and the work of Daily Maverick then take your position on the battleground and sign up to Maverick Insider today.

For whatever amount you choose, you can support Daily Maverick and it only takes a minute.

Support Daily MaverickPayment options


Comments - share your knowledge and experience

Please note you must be a Maverick Insider to comment. Sign up here or if you are already an Insider.

ANALYSIS

Law enforcement, witnesses and McKinsey: The missing factors in Eskom’s pursuit of the Trillian millions

By Jessica Bezuidenhout

VICTORY FOR UNITY

The flag of hate is lowered

Rebecca Davis 15 hours ago

Donald Trump is the oldest president to be elected to a first term in office. The sentient naartjie is 70-years-old.