The Chief Executive of British Airways, Alex Cruz, apologised to affected BA customers this morning, and the company has since released a statement saying that the incident has been resolved.
BA state that the data breach took place between 22:58 BST on the 21st August and 21:45 BST on the 5th September, and have urged those affected to contact their banks.
The breach comes as a second notable incident involving BA company operations within the last two years, with a global flight interruption occurring in May 2017, which was caused by computer system outages.
“A blow to our privacy”
Israel Barak, Chief Information Security Officer at Cybereason, said: “The British Airways breach once again sheds light on the difficulty companies have protecting the proprietary information of their customers that is their backbone.
“Collectively, this is a blow to our privacy, and British Airways joins a growing list of organisations that have faced a knock down punch.
“For the consumer, they should be working under the assumption that their personal information has been compromised many times over. As an industry until we can start making cyber crime unprofitable for adversaries they will continue to hold the cards that will yield potentially massive payouts.”
>Read more on how to keep personal information safe online
“A ripe target for hackers”
According to Head of Threat Intelligence at Trusted Knight, Trevor Reschke, described any company that sees a large volume of card transactions as “a ripe target for hackers”.
“Stealing data en masse in this way can be hugely profitable for the criminal underground,” Reschke added. “It is now a race between British Airways and the criminal underground.
“One will be figuring out which cards have been compromised and alerting victims, whilst the other will be trying to abuse them while they are still fresh.”
“Not the whole story”
Additionally, Randy Abrams, Senior Security Analyst at Webroot, said that “this is not the whole story”.
“Air Canada was hacked, and between August 22nd and August 24th, customers’ passport details may have been compromised,” Abrams explained. “The overlapping dates are probably a blessing as the odds are small that the same customers booked both airlines in the two day window of overlap.
“In the case of Air Canada’s breach, customer’s data potentially including passport numbers and expiry date, passport country of issuance, NEXUS numbers for trusted travellers, gender, dates of birth, nationality and country of residence may have been compromised.
>Read more on why protecting employee data is crucial
“In both cases, this is data that now may be available to cybercriminals to aggregate and correlate to build significantly comprehensive profiles.”
Moreover, Abrams added to the urges on the part of BA to affected customers to contact their bank by advising all customers who booked flights between 21st August and the 5th September to set up two-factor authentication.