What just happened? One of the world's largest airlines, British Airways, was hacked by cybercriminals. It is now in damage control mode, contacting affected customers, offering compensation and carrying out internal investigations to understand how it happened.
The British flag carrier has owned up to being hacked by criminal elements, and "personal and financial data" of up to 380,000 customers being stolen.
In a public statement released through the airline's channels, British Airways has admitted that during the period of August 21st to September 5th, its website and mobile app were compromised and that detailed personal and credit card data had been stolen. The company said, however, that passport numbers had not been taken. Those affected can expect a call from the company telling them their data was lost and they should contact their banks and follow advice. Alex Cruz, BA's chairman has apologized for the disruption and said the company was "deeply sorry." He described the intrusion as having "very sophisticated efforts"
BA has, so far, not detailed the means by which the hackers gained access to the customer data. Describing the attack, the company said: “It was having access to our systems in an illicit way, it was very sophisticated.”
Although BA promptly offered to compensate customers in case of losses (with customers having to trigger the process), the stolen data is more than enough to carry out online transactions and the company stands to take on huge losses.
To make matters worse, if BA is verified not to have taken appropriate measures to secure customer data, it can face a fine of up to $650 million due to the infamous GDPR regulation in place.