BA apologises after 380,000 customer details hacked

BA apologises after 380,000 customer details hacked

The boss of British Airways (BA) has apologised after ther airline disclosed last week that the personal and financial details of around 380,000 customers had been compromised in a hacking attack.

It was revealed that names, email addresses and credit card information – including card numbers, expiration dates and three-digit CVV security codes – were among the data stolen from customers who booked flights via the company's website between August 21st and September 5th.

BA has pledged to provide compensation to anybody who suffers a loss as a result of this and all affected customers should have been contacted with details of what they need to do.

Speaking to BBC Radio 4's Today programme, CEO of BA Alex Cruz said: "We're extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app.

"At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data."

Security experts have expressed concern over the size and scale of the breach, particularly as significant financial details were compromised.

Ross Brewer from security intelligence firm LogRhythm told the Independent: "The scale and nature of this attack is astounding, with around 380,000 customers knowingly affected."

While BA has not offered any details of exactly how the attack took place, Mr Cruz said it had been the victim of a "sophisticated, malicious criminal attack".

BA insists it does not store its customers' CVV numbers on its servers, as this is prohibited under international standards set out by the PCI Security Standards Council. 

Therefore, as these details were part of the stolen data, some experts have suggested that card details were intercepted live at the point of entry, rather than being harvested from the firm's databases.