This article is from the source 'bbc'.
You can find the current article at its original source at https://www.bbc.co.uk/news/uk-england-london-45440850
The article has changed 16 times.
Version 9 | Version 10 |
---|---|
British Airways boss apologises for 'malicious' data breach | British Airways boss apologises for 'malicious' data breach |
(35 minutes later) | |
The chief executive of British Airways has apologised for what he has called a very sophisticated breach of the firm's security systems. | The chief executive of British Airways has apologised for what he has called a very sophisticated breach of the firm's security systems. |
Alex Cruz told the BBC that hackers carried out a "sophisticated, malicious criminal attack" on its website. | Alex Cruz told the BBC that hackers carried out a "sophisticated, malicious criminal attack" on its website. |
The airline said personal and financial details of customers making bookings had been compromised. | The airline said personal and financial details of customers making bookings had been compromised. |
About 380,000 transactions were affected, but the stolen data did not include travel or passport details. | About 380,000 transactions were affected, but the stolen data did not include travel or passport details. |
Mr Cruz has promised compensation for customers affected by the breach. | |
BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September. Shares in BA parent group IAG were down by 2.79% in Friday morning trade. | |
Communication | Communication |
Mr Cruz told the BBC's Today programme: "We're extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app. | Mr Cruz told the BBC's Today programme: "We're extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app. |
"We discovered that something had happened but we didn't know what it was [on Wednesday evening]. So overnight, teams were trying to figure out the extent of the attack. | "We discovered that something had happened but we didn't know what it was [on Wednesday evening]. So overnight, teams were trying to figure out the extent of the attack. |
"The first thing was to find out if it was something serious and who it affected or not. The moment that actual customer data had been compromised, that's when we began immediate communication to our customers." | "The first thing was to find out if it was something serious and who it affected or not. The moment that actual customer data had been compromised, that's when we began immediate communication to our customers." |
BA said all customers affected by the breach had been contacted on Thursday night. The breach only affects people who bought tickets during the timeframe provided by BA, and not on other occasions. | BA said all customers affected by the breach had been contacted on Thursday night. The breach only affects people who bought tickets during the timeframe provided by BA, and not on other occasions. |
Mr Cruz added: "At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data." | Mr Cruz added: "At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data." |
The airline has taken out adverts apologising for the breach in Friday's newspapers. | The airline has taken out adverts apologising for the breach in Friday's newspapers. |
BA data breach: What do you need to do? | BA data breach: What do you need to do? |
By Simon Read, business reporter | By Simon Read, business reporter |
What data was stolen? | What data was stolen? |
"It was name, email address, credit card information - that would be credit card number, expiration date and the three digit [CVV] code on the back of the credit card," said BA boss Mr Cruz. | |
BA insists it did not store the CVV numbers. This is prohibited under international standards set out by the PCI Security Standards Council. | |
Since BA said the attackers also managed to obtain CVV numbers, security researchers have speculated that the card details were intercepted, rather than harvested from a BA database. | |
What could the hackers do with the data? | What could the hackers do with the data? |
Once fraudsters have your personal information, they may be able to access your bank account, or open new accounts in your name, or use your details to make fraudulent purchases. They could also sell on your details to other crooks. | Once fraudsters have your personal information, they may be able to access your bank account, or open new accounts in your name, or use your details to make fraudulent purchases. They could also sell on your details to other crooks. |
What do I need to do? | What do I need to do? |
If you've been affected, you should change your online passwords. Then monitor your bank and credit card accounts, keeping an eye out for any dodgy transactions. Also be very wary of any emails or calls asking for more information to help deal with the data breach: crooks often pose as police or banks or, in this instance, they could pretend to be from BA. | If you've been affected, you should change your online passwords. Then monitor your bank and credit card accounts, keeping an eye out for any dodgy transactions. Also be very wary of any emails or calls asking for more information to help deal with the data breach: crooks often pose as police or banks or, in this instance, they could pretend to be from BA. |
Will my booking be affected? | Will my booking be affected? |
BA says none of the bookings have been hit by the breach. It said it has contacted all those affected to alert them to the problem with their data, but booked flights should go ahead. | BA says none of the bookings have been hit by the breach. It said it has contacted all those affected to alert them to the problem with their data, but booked flights should go ahead. |
Will there be compensation for me? | Will there be compensation for me? |
If you suffer any financial loss or hardship, the airline has promised to compensate you. | If you suffer any financial loss or hardship, the airline has promised to compensate you. |
'Atrocious' | 'Atrocious' |
BA customers have expressed frustration with the airline on social media. | BA customers have expressed frustration with the airline on social media. |
Mat Thomas said he placed a booking on 27 August, but had not been contacted about the breach. | Mat Thomas said he placed a booking on 27 August, but had not been contacted about the breach. |
"Atrocious that I had to find out about this via news and twitter," he tweeted. | "Atrocious that I had to find out about this via news and twitter," he tweeted. |
"Called bank and had to cancel both mine and my wife's card. Probably won't get it back before we fly (ironically)." | "Called bank and had to cancel both mine and my wife's card. Probably won't get it back before we fly (ironically)." |
Gemma Theobald tweeted: "My bank... are experiencing extremely high call volumes due to this breach! Couldn't do anything other than cancel my card... not how I wanted to spend my Thursday evening." | Gemma Theobald tweeted: "My bank... are experiencing extremely high call volumes due to this breach! Couldn't do anything other than cancel my card... not how I wanted to spend my Thursday evening." |
The company could potentially face fines from the Information Commissioner's Office, which is looking into the breach. | The company could potentially face fines from the Information Commissioner's Office, which is looking into the breach. |
Rachel Aldighieri, managing director of the Direct Marketing Association, said: "British Airways has a duty to ensure their customer data is always secure. They need to show that they have done everything possible to ensure such a breach won't happen again. | Rachel Aldighieri, managing director of the Direct Marketing Association, said: "British Airways has a duty to ensure their customer data is always secure. They need to show that they have done everything possible to ensure such a breach won't happen again. |
"The risks go far beyond the fines regulators can issue - albeit that these could be hefty under the new [EU data protection] GDPR regime." | "The risks go far beyond the fines regulators can issue - albeit that these could be hefty under the new [EU data protection] GDPR regime." |
Under GDPR, fines can be up to 4% of annual global revenue. BA's total revenue in the year to 31 December 2017 was £12.226bn, so that could be a potential maximum of £489m. | |
The National Crime Agency and National Cyber Security Centre also confirmed they were assessing the incident. | The National Crime Agency and National Cyber Security Centre also confirmed they were assessing the incident. |
'Flesh wound' | 'Flesh wound' |
This is not the first customer relations problem to affect the airline in recent times. | This is not the first customer relations problem to affect the airline in recent times. |
In July, BA apologised after IT issues caused dozens of flights in and out of Heathrow Airport to be cancelled. | In July, BA apologised after IT issues caused dozens of flights in and out of Heathrow Airport to be cancelled. |
The month before, more than 2,000 BA passengers had their tickets cancelled because the prices were too cheap. | The month before, more than 2,000 BA passengers had their tickets cancelled because the prices were too cheap. |
And in May 2017, serious problems with BA's IT systems led to thousands of passengers having their plans disrupted, after all flights from Heathrow and Gatwick were cancelled. | And in May 2017, serious problems with BA's IT systems led to thousands of passengers having their plans disrupted, after all flights from Heathrow and Gatwick were cancelled. |
"It does not indicate that the information systems are the most robust in the airline industry," Simon Calder, travel editor at the Independent, told the BBC. | "It does not indicate that the information systems are the most robust in the airline industry," Simon Calder, travel editor at the Independent, told the BBC. |
However, he does not think BA will be affected in the long term by the breach. | However, he does not think BA will be affected in the long term by the breach. |
"The airline has immense strength. Notably it's holding a majority of slots at Heathrow, and an enviable safety record, so while this is embarrassing and will potentially cost tens of millions of pounds to resolve, it's more like another flesh wound for BA, rather than anything serious." | "The airline has immense strength. Notably it's holding a majority of slots at Heathrow, and an enviable safety record, so while this is embarrassing and will potentially cost tens of millions of pounds to resolve, it's more like another flesh wound for BA, rather than anything serious." |