There will be an investigation into a breach of data on the British Airways website and mobile app. The British Airways breach reportedly involved financial and personal information of nearly 380,000 customers.

The British Airways breach occurred for around two weeks between 21 August and 5 September. British Airways said that the breach has been resolved. In addition, the firm reported to the authorities and its website is back to normal.

What was taken?

Compromised data include names, email addresses, credit card numbers, expiry dates and three-digit CVV codes. The airline company noted that travel and passport details have not been stolen.

British Airways chairman and chief executive Alex Cruz said: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”

The airline has urged customers who made bookings through its ba.com website or app during the breach duration to contact their banks and credit card providers for advice.

The company said: “We advise any customers who believe they may have been affected to contact their banks or credit card providers and follow their advice.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“British Airways will not be contacting any customers asking for payment card details and any such requests should be reported to the police.”

University of Surrey cyber-security expert Alan Woodward told the BBC that the theft had been probably carried out the point of entry through a malicious script on the website.