Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

British Airways boss promises compensation for customers hit by data breach

Chief executive apologises after 380,000 payment cards ‘compromised’

Adam Forrest
Friday 07 September 2018 11:28 EDT
Comments
The airline discovered a major data breach on Wednesday
The airline discovered a major data breach on Wednesday (EPA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

British Airways’ chief executive Alex Cruz has apologised to customers for the theft of payment card data and pledged compensation for all those affected.

The details of 380,000 cards were taken by hackers during a major security breach of the company’s website and mobile app between 21 August and 5 September.

Mr Cruz said a “sophisticated, malicious criminal attack” had taken place.

He promised BA would “100 per cent” compensate any customers who had lost money as the result of any fraud found to have taken place.

“We are extremely sorry for what has happened,” the chief executive told the BBC. “We know it has caused concern to some of our customers.

“Our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data.”

Mr Cruz revealed BA customers’ names, addresses, email addresses, card numbers and three-digit codes were stolen during the two-week breach. No flight information or passport details were taken by the hackers.

“We are 100 per cent committed to compensate them,” Mr Cruz said of affected customers.

“We are going to work with any customer that may have been affected, financially affected, as a result of this attack. And we will compensate them for any financial hardship they may have suffered.”

Mr Cruz said the company first discovered the attack on Wednesday night.

“The moment we found out that actual customer data had been compromised, that’s when we began an all-out, immediate communication to our customers,” he said.

BA was criticised for the speed of the response after discovering the data breach.

Mr Cruz said calls were made immediately to some customers and announcements were made on the company’s social media channels. Emails then began to be sent out to customers on Thursday afternoon. “We did it as absolutely as soon as we can,” he said.

The company took out adverts apologising for the hacking incident in some of Friday’s newspapers.

The airline could still face a fine from the Information Commissioner’s Office. A cyber attack suffered by TalkTalk in 2015 affecting fewer than half as many customers led to a record £400,000 fine.

A “power outage” that brought down BA’s information systems in May 2017 cost the company £80m after hundreds of flights had to be cancelled over a bank holiday weekend.

Shares in BA’s owner IAG fell by more than 4 percent early on Friday.

“We will get through this, without any doubts,” said Mr Cruz.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in