British Airways has warned customers that about 380,000 card payments on its website and app were compromised during a 15-day data breach. Here is what to do if you think you have been affected.
Which payments were affected?
BA says the breach relates to bookings made between 10.58pm on 21 August and 9.45pm on 5 September.
What data was compromised?
The airline says personal and financial details of customers making bookings over the period were compromised. No passport or travel details were stolen.
How did the hack happen?
British Airways says it was not a breach of the airline’s encryption. “There were other methods, very sophisticated efforts, by criminals in obtaining our data,” BA’s chief executive, Álex Cruz, said. Some experts have speculated that the hackers carried out a digital version of card “skimming” by copying data as it was entered into the system during the purchasing process.
I made a booking then, what should I do?
BA said it was in the process of contacting all affected customers. The airline is advising those customers to contact their bank or card provider and follow their advice.
Will I be compensated?
BA says that any customers who lose out financially will be compensated.
Will I have to get a new card?
Some customers have complained of having to cancel cards as a result of the breach. The airline said affected customers should follow their bank or provider’s recommended advice.
Should I change my password?
Alex Neill of the consumer group Which? said anyone concerned they could be at risk of fraud should consider changing their online passwords and monitor their bank and other online accounts. She also urged people to be wary of emails regarding the breach because scammers may try to take advantage of it.
I’m a BA customer but I did not book a ticket over the affected period
The airline said the incident has been resolved and all systems are working normally. Customers due to travel can check in online as normal.
How about future bookings?
Future bookings will not be affected, BA said.