British Airways site, app hacked for two weeks

Saul Bowman
September 7, 2018

The airline said that the data was stolen from its website and mobile app between August 21 and September 5.

As of the time of this article was filed, Google Chrome continued to report that the Customer Data Theft notification page is not fully secure and visitors should not enter sensitive information like passwords or credit cards.

The breach has been resolved and the British Airways website is working normally, IAG said.

He said enough information was stolen to allow criminals to use credit card information for illicit purposes, and that police are investigating.

"We take the protection of our customers' data very seriously", he said.

The company said it is notifying affected customers and has advised anyone who thinks they may have been targeted to contact their banks or credit card providers. Customers due to travel can check in online as normal.


Chief Executive Alex Cruz said the carrier was "deeply sorry" for the disruption caused by the sophisticated crime.

Meanwhile, BA customers expressed their frustration with the airline on social media. The airline said affected customers should follow their bank or provider's recommended advice.

Mat Thomas said he placed a booking on 27 August, but had not been contacted about the breach. No passport or travel details were taken.

"Unfortunately this is likely to be another PR disaster for British Airways, especially as it includes tickets brought in their September sale".

It also represents a setback in BA's efforts to fix trust among customers after an IT failure past year left 75,000 passengers stranded. One customer, Ash Dubbay, who booked return flights to Tel Aviv for £195 during a "pricing error" had his purchases voided.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER