British Airways has said it is urgently investigating the theft of customer data from its website and mobile app after personal and financial details of customers making bookings had been compromised.
BA, which flies direct from Heathrow to Nairobi, said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September and while the stolen data did not include travel or passport details, around 380,000 transactions have been affected.
In a press release, the airline said:
British Airways is investigating, as a matter of urgency, the theft of customer data from its website, ba.com and the airline’s mobile app. The stolen data did not include travel or passport details.
From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on ba.com and the airline’s app were compromised.
The breach has been resolved and our website is working normally.
British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice.
We have notified the police and relevant authorities.
Alex Cruz, British Airways’ Chairman and Chief Executive said “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
British Airways will provide further updates when appropriate.
BA said all customers affected by the breach had been contacted on Thursday night and the National Crime Agency and National Cyber Security Centre have confirmed they are assessing the incident.
Consumer group Which? have advised people concerned they could be at risk should change their online passwords, monitor bank and other online accounts and be wary that fraudsters may refer to the breach in scam emails.