British Airways is investigating the theft of customer data from its website and app over a two-week period and has urged customers affected to contact their banks or credit card providers. The airline said around 380,000 payment cards had been compromised and it had notified the police.

In a statement it said: “The stolen data did not include travel or passport details. From 22.58 (10:58pm) BST August 21, 2018 until 21.45 (9:45pm) BST September 5, 2018 inclusive, the personal and financial details of customers making bookings on and the airline’s app were compromised. The breach has been resolved and our website is working normally.”

British Airways has yet to reveal any technical details about the breach, however the type of information compromised makes it likely that the information was skimmed live, as customers booked and paid for flights. The issue was identified when a third party noticed unusual activity and reported it to the airline.

This is the first breach to hit a major company since General Data Protection Regulation (GDPR) came into effect on May 25, 2018. GDPR is a regulation on data protection and privacy enacted to protect individuals within the European Union. Fines are levied on violators of GDPR, and British Airways may be liable for $646M if it is determined that the airline did not do enough to protect customer data. Shares of the airlines parent company IAG have dropped in the wake of the announcement.

All affected customers have received an email from British Airways, asking them to contact their banks or card providers immediately. The airline has stated that any financial losses suffered by customers as a direct result of the breach will be reimbursed. All flights booked during the affected time frame are still valid. Travelers who booked through travel agents or with other airlines using a “code-share” are not affected.

Customers affected by the breach:

  1. Made a purchase on British Airways’ website or mobile app between 22:58 BST (5:58 p.m. EST) on August 21, 2018 and 21:45 BST (4:45 p.m. EST) on September 5, 2018.
  2. Received an email from British Airways about the breach.

Be aware that in scenarios such as this there is the potential for scammers to extract information from concerned customers. If you receive an email from any email address other than do NOT provide information,

Affected customers should keep an eye on transactions since the most common use of stolen financial information is fraudulent purchases. It is generally recommended that affected credit and debit card numbers be cancelled for peace of mind.

ImagIT Solutions is a network engineering company that provides comprehensive IT services for channel partners, managed service providers and enterprise businesses with multiple locations. ImagIT was founded with the goal of providing comprehensive, IT services for multi-site organizations. Built on providing exceptional customer service with the most trusted technicians in the field, we continue to grow with our clients and expand internationally. Our team of 400 expert engineers and full PMO are ready to take on any type of networking engagement!  Whether its proactive support, an emergency call, long-term projects or ongoing break-fix services, ImagIT will deliver a solution that is customized to best fit your organization.