Álex Cruz, Chief Executive and Chairman of British Airways has described the recent data breach on ba.com and the mobile app as a “sophisticated, malicious criminal attack”. Although the breach was similar to the attack on Ticketmaster earlier this year, the criminals were able to access BA’s site directly rather than compromising a third-party system. Under new data regulations the ICO can fine companies up to 4% of their global turnover. Therefore, if the ICO takes action, BA could receive fines of up to £500m.
The data breach occurred over two weeks where 380,000 of BA’s transactions were affected. Travel and passport details have not been compromised, however the stolen data includes personal and financial details of customers making changes or bookings during August 21st – 5th September. This includes the three-digit CVV code on the back of credit cards. Paul Lipman, chief executive of cybersecurity company Bullguard said customers’ credit data was “almost certainly up for sale on the dark web as we speak”. Another cybersecurity expert, Simon Migliano, said BA customer data could be worth £21.5m, based on an estimate of the average cost criminals are willing to pay for credit card details.
The main concern if you made any changes or bookings during the two-week period is securing your financial details. Borwell advise that you contact your bank/credit card provider immediately and follow their advice.
If you have not directly been affected by the data breach, BA is warning customers that fraudsters may attempt to gather personal information. British Airways have stated on ba.com that they will not be contacting customers asking for payment details. If you are worried about an email, borwell advises not to click on links, open documents or reply until you are certain that the email is legitimate.