British Airways - Data Breach

British Airways Data Breach Information

Ensuring Transparency and Trust

Home | About Us | Contact Us | Data Breach Information

Important Information Regarding the 2018 Data Breach

We at British Airways deeply regret to inform our customers about a data breach that occurred in the summer of 2018. We take this incident very seriously and are committed to addressing the issue and enhancing our security measures to protect your data.

Details of the Data Breach

• Date of Incident: Summer 2018
• Affected Customers: Nearly 500,000
• Compromised Data: Names, addresses, email addresses, and payment card details (including credit card numbers and CVV codes)
• Method of Attack: Access through a compromised third-party account, exploiting weak security measures

Our Immediate Response Actions

• Securing Systems: Isolated affected systems immediately. Implemented enhanced security measures to prevent further breaches.
• Notification to Authorities: Reported the breach to relevant regulatory bodies, including the ICO. Engaged with cybersecurity experts to assist in the investigation.

Information for Affected Customers

Direct Notifications: Personalized notifications sent to affected customers.

Support Services: Dedicated customer support helpline and free credit monitoring services.

Call to Action:

• Monitor your bank and credit card accounts for any suspicious activity.
• Change your online passwords and enable two-factor authentication.
• Contact your bank or credit card issuer if you notice any unauthorized transactions.

Public Communication Strategy

• Press Release: Issued a public statement outlining the breach and actions taken.
• Website and Social Media Updates: Created a dedicated page with detailed information on the breach. Regular updates on our social media channels.

Our Commitment to Security

• Advanced Security Technologies: Implemented advanced encryption methods for data protection. Deployed AI-driven threat detection systems.
• Regular Security Assessments: Established a routine schedule for security assessments and penetration testing.
• Third-party Vendor Audits: Conducted thorough security reviews of third-party vendors and partners.

Get in Touch

For more information and ongoing updates, please contact our dedicated helpline at [helpline number] or visit our FAQ page.

© 2024 British Airways. All rights reserved.

Privacy Policy | Terms of Service | Customer Support

Facebook | Twitter | Instagram

British Airways - Data Breach

 

    The incident took place when BA's systems were compromised by its attackers, and then modified to harvest customers' details as they were input.

    In summer 2018, a data breach affected almost 500,000 customers of British Airways, of which almost 250,000 had their names, addresses, credit card numbers and CVV cards stolen. The attack gained access to British Airways systems via the account of a compromised third party and escalated their account privileges after finding an unsecured administrator password. The attacker stole data that British Airway's was improperly recording and also redirected users of British Airways site to a bogus one that was designed to steal more data. In October 2020 the ICO fined British Airways £20 million for breaches of GDPR related to the breach.

    British Airways said it had alerted customers as soon as it had found out about the attack on its systems. "We are pleased the ICO recognisesthat we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation," said a spokesman. Data protection officer Carl Gottlieb said that in the current climate, £20m was a "massive" fine.

    It was a testing feature that was only intended to operate when the systems were not live, but which was left activated when the systems went live.BA has explained that this card data was being stored in plaintext (as opposed to in encrypted form) as a result of human error. This error meant that the system had been unnecessarily logging payment card details since December 2015.

    British Airways said the attack affected bookings from 21 August 2018 to 5 September 2018 with credit card details of around 380,000 total customers being compromised. The attackers obtained names, street addresses, email addresses, credit card numbers, expiration dates and card security codes enough to allow thieves to steal from accounts. 77,000 customers had their name, address, email address and detailed payment information taken, while 108,000 people had personal details compromised which did not include CVV numbers.

    Of the 500,000 victims of the breech, 250,000 had their names, addresses, card numbers, and CVV numbers taken. The remainder of the victims lost less personal information.[1] British Airways urged customers to contact their banks or credit card issuer and to follow their advice.[3] NatWest said that it received more calls than usual because of the breach.[3] American Express said that customers would not need to take any action and that they would alert customers with unusual activity on their cards

Main website for more info : https://www.britishairways.com/travel/home/public/en_ca/