- Joined
- Mar 3, 2018
- Messages
- 1,713
In a press release, IAG subsidiary British Airways claim they're investigating "the theft of customer data from its website, ba.com and the airline's mobile app." The company says over 300,000 customers who made reservations or changes between August 21 and September 5 are affected, and warns that "Names, addresses, and all bank card details" are at risk on an emergency FAQ page. Interestingly, the company told news organizations that credit card expiry dates and CVV digits were part of the breach. CVV digits aren't supposed to be stored on payment systems, indicating attackers may have been intercepting payments as they were processed. Under GDPR, IAG could be facing significant fines.
No customer will be out of pocket as a direct result of the criminal theft of data from ba.com and the airline's mobile app. Any customer who made a booking in that timeframe will be reimbursed for any fraudulent activity on their accounts as a direct result of the data theft. Further, we will offer a 12 month credit rating monitoring service to any affected customer who is concerned about an impact to their credit rating, provided by specialists in the field.
No customer will be out of pocket as a direct result of the criminal theft of data from ba.com and the airline's mobile app. Any customer who made a booking in that timeframe will be reimbursed for any fraudulent activity on their accounts as a direct result of the data theft. Further, we will offer a 12 month credit rating monitoring service to any affected customer who is concerned about an impact to their credit rating, provided by specialists in the field.