British Airways revealed on Thursday that hackers managed to lurk in its systems for two weeks, exposing around 380,000 card payments.
The company released a statement through its parent company, IAG, saying that the attack on its website (ba.com) and mobile app began late on August 21 and was interrupted on Wednesday evening. It said that the personal and financial details of customers making bookings during that time period were “compromised,” but that its website is now “working normally.”
We’ve reached out to British Airways for more information on exactly what was compromised and if it’s confident all of that data was stolen but a representative declined to provide more details. The company did say that travel and passport details were not part of the breach.
The company’s statement and FAQ page did not reveal how many customers were affected by the infiltration, but British Airways representatives told Gizmodo and other outlets that the number of “card payments” is currently believed to be around 380,000. It’s still early in the process of investigation and it’s important to keep in mind these details could change. As we saw with T-Mobile last month, when the story changes, it tends to get worse.
We also asked if a third-party was involved with British Airways investigation, a spokesperson would only say, “a third-party noticed some unusual activity and informed us about it. We immediately acted to close down the issue, and started an investigation as a matter of urgency.” If this third-party is a public-facing security research firm, we’ll likely see a more detailed report in the future. The airline said it was also working with law enforcement on the matter.
There’s more information available for what to do if you’re afraid you might be one of the people who had their info compromised on the British Airways website. The page says that affected customers will be contacted directly, and customers are encouraged to contact their bank or credit card providers immediately.
[IAG, British Airways]