British Airways hack exposes personal and financial details of 380,000 customers

British Airways has fallen victim to what it describes as a "very sophisticated" attack in which hackers stole financial data relating to hundreds of thousands of customers.

The airline revealed that hackers gained access to its systems and managed to remain undetected for two weeks. The theft of data took place between August 21 and September 5 and the attackers managed to compromise both the ba.com web site and the airline's mobile app.

Speaking to the BBC, Alex Cruz -- chief executive of British Airways -- said that this had been a "sophisticated, malicious criminal attack".

In all, 380,000 payment cards are affected, and British Airway urges anyone who believes their details may have been compromised to get in touch with their bank or credit card company.

Parent company IAG says that the situation is now under control and that the website and app are functioning normally. The matter has been reported to authorities, and British Airways is in the process of notifying customers about the incident.

In a statement issued on its website, British Airways says:

We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.

From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making or changing bookings on our website and app were compromised.

The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.

We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers' data very seriously.

BA goes on to say:

Every customer affected will be fully reimbursed and we will pay for a credit checking service. We take the protection of our customers' data seriously, and are very sorry for the concern that this criminal activity has caused. We will continue to keep our customers updated with the very latest information. We will be contacting customers and will manage any claims on an individual basis.

While the company says that travel and passport details were not stolen, there is still great potential for identity theft. Jake Moore, security specialist at ESET, offers the following advice:

After a large scale incident like this, fraudsters from around the world will inevitably jump at the chance to try and catch a few unsuspecting people out. If you receive any emails purporting to be from this incident or such like mentioning it asking for any personal information or to click on unverified links, discard them.

If your data is included in this breach, you'll need to take action to protect yourself. If you find your credit or debit card has been compromised consider the following:

• Call your bank or card issuer, cancel the card and request a new card. No bank will ever mind being contacted for you being cautious.
• You'll also want to check your card statements for suspicious activity or purchases online -- in particular small amounts just in case they are testing your card before a larger transaction is placed online. It also might be worth adding extra fraud alert security on your account.
• And it goes without saying change your BA.com password. After any breach of such velocity, it is always a good idea to change your passwords along with the same ones used on other websites.

Image credit: Colin A Pierce / Shutterstock