The personal and payment details of 380,000 British Airways customers have been stolen after the airline was hacked.
The hacks took place over a two week period between 21st August and 5th September. The information did not include travel or passport details but did include names, email addresses and credit card information, including the three-digit CVV numbers.
British Airways have claimed that CVV numbers aren’t stored by the company, which would be against rules set out by the PCI Security Standards Council. This has led to speculation that the card details were intercepted rather than extracted from a database.
CEO Alex Cruz told BBC’s Today programme that they first learned of the breach on Wednesday evening and spent the night determining the nature of the attack.
“At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data,” he said.
Customers have been advised to change their online passwords and to monitor their bank and credit card accounts, cancelling cards if necessary. They will also need to watch out for criminals posing as BA and contacting them for more information.
Flights have not been impacted and the airline has promised to compensate affected customers.
The Information Commissioner’s Office (ICO) has begun an investigation into the breach.
(Source: BBC News)