British Airways apologizes after 380,000 customers have been victims of a cyberattack

LONDON (Reuters) – British Airways was forced to apologize on Friday after two hundred thousand customers stole its credit card details.

The airline discovered Wednesday that bookings made between August 21 and September 5 had been infiltrated into a "very sophisticated and malicious attack," said BA President and CEO Alex Cruz. He immediately contacted the clients when the extent of the violation became clear.

About 380,000 card payments have been compromised, the airline said, with hackers obtaining names, street and email addresses, credit card numbers, expiration dates, and security codes.

The attack took place 15 months after the carrier had been the victim of a serious computer system failure at London's Heathrow Airport, which blocked 75,000 customers over a weekend vacation.

Shares in BA's parent company, International Airlines Group (ICAG.L), fell by 3% in the first agreements on Friday.

Cruz said the carrier was "deeply sorry" for the disruption caused by the sophisticated crime, which had been unprecedented for over 20 years as BA operated online.

He added that the attackers did not break the company's encryption but did not explain exactly how they obtained this information.

"There were other methods, very sophisticated efforts, by criminals to get the data," he told BBC radio.

"He had access to our systems illegally, it was very sophisticated."

British Airways informed its customers involved with the attack on Thursday, Cruz said. He advised them to contact their bank or credit card provider and follow their recommended advice. He also released advertisements in national newspapers on Friday.

COMPENSATION

Cruz said that anyone losing financially would be compensated by the airline.

"By the time we discovered that real customer data had been compromised, that was the top priority when we started communicating immediately to our customers," he said.

The data security expert, Trevor Reschke, said that, like all the websites that record high volumes of card transactions, British Airways was a prime target for hackers.

"This is now a race between British Airways and illegal criminals," said Reschke, Threat Intelligence Officer at Trusted Knight.

"We will determine which cards have been compromised and alert the victims, while the other will try to abuse them as long as they are still fresh."

IAG stated that the data breach had been resolved and that the website was functioning normally, and that no details of travel or passport had been stolen.

The airline had launched an investigation and notified the police and other relevant authorities.

After the failure of the computer system in May 2017, BA said it would take steps to prevent such an incident from happening again, but in July it was forced to cancel and delay flights at the same airport because of problems with a vendor's computer systems.