British Airways announced on Thursday that the personal and financial details of customers who booked or changed their tickets on the airlines’ website between August 21 and September 5 were stolen in a data breach.
“We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app,” the airlines said. “The stolen data did not include travel or passport details.”
Around 3,80,000 card payments were compromised, according to Reuters.
The breach has been resolved and the website is now working normally, British Airways said, adding that the police and other relevant authorities have been notified. “We are deeply sorry for the disruption that this criminal activity has caused,” it added. “We take the protection of our customers’ data very seriously.”
The airline said it will contact affected customers directly to “advise them of what has happened and are advising them to contact their banks or credit card providers and follow their recommended advice”.
“Every customer affected will be fully reimbursed and we will pay for a credit checking service,” it added. “We will be contacting customers and will manage any claims on an individual basis.”
The data theft is the latest blow to the airline’s reputation. In May 2017, the airline’s information technology systems sustained a major failure over a bank holiday weekend. More than 1,000 flights were affected and tens of thousands of passengers were stranded at London airports. Analysts estimated a loss of at least £100 million (approximately Rs 718 crore) in compensation, additional customer care and lost business.