Hackers compromise British Airways account, steal thousands of credit card info

British Airways has suffered a data breach, with critical information on hundreds of thousands of its users being stolen by hackers.

The company confirmed the breach, saying it was done by a “very sophisticated, malicious criminal”.

In total, 380,000 accounts were compromised, the company said, with hackers stealing names, street and email addresses, credit card numbers and expiry dates, as well as security codes, through the company website and app.

The theft of this information occurred over a two-week period, it was said, starting on August 21, and ending on September 5, when it was finally discovered.

Chief Executive Alex Cruz said the carrier was “deeply sorry” for the disruption.

“There were other methods, very sophisticated efforts, by criminals in obtaining the data,” he told BBC radio. “It was having access to our systems in an illicit way, it was very sophisticated.”

Cruz added that whoever lost out financially would be compensated for their loss.

Paul Farrington, Head of EMEA at app security company CA Veracode also warns that things are different now, with GDPR in force.

“With GDPR now in full force the board at BA will have to consider their exposure to regulatory fines, especially when it took 16 days for the breach to be detected, and if the financial losses will outstrip what it would have cost to prevent the breach in the first place.”