Hello! You are viewing your 1 free guest article this week

Please log in or join now for free, immediate and unlimited access to our award-winning online content. Find out more...

Join us
Already a member? Log in here

Travel industry news

12 Sep 2018

BY Sophie Griffiths


Is BA to blame for failing to prevent its cyber attack?

It’s a situation that could happen – and has – to countless companies. From Yahoo to the NHS, no business or organisation, it seems, is immune to cyber security risks.

Sophie Griffiths Leader

And the travel sector is no exception. Last year it was Abta; last month Butlin’s; and last week British Airways.


It is this latter breach, though, that is particularly worrying. Firstly, there’s its scale – some 380,000 transactions affected, a figure described by security experts as “astounding”. Secondly, the theft was not just of customers’ personal details, but of their financial information and – crucially – their CVV card security codes.

The airline is not unique in suffering a cyber attack. But is it to blame for its failure to prevent one? The fact fines can be issued to those who suffer such data breaches (up to £500m in the case of BA, thanks to GDPR) would suggest so.

There is also some doubt over the carrier’s cost-cutting measures: have they gone too far? Complimentary food and drink were removed from short-haul economy services – did BA’s desperation to curb costs also stretch to its IT systems?

BA insists not. A spokesman told the Financial Times the airline is “investing more in cyber security than ever before”. But this will be of little comfort to the hundreds of thousands of affected customers.

To its credit, BA did at least respond more swiftly than after its 2017 IT meltdown. Full-page apology ads appeared in national newspapers, and the airline has promised “100%” compensation to any customers who lost money. This, on top of a potentially hefty GDPR fine and reputational damage though, could lead to a substantial bill.

For once, agents weren’t left to clear up BA’s mess. The airline has insisted only direct bookings were affected by the incident – GDS bookings are, for now, safe. Either way though, BA’s data breach is a timely reminder all travel companies, big and small, should invest in their cyber security.

Add New Comment
Please sign in to comment.
Show me more

Follow Us

TTG Media Limited.
Place of registration: England and Wales.
Company number 08723341.
Registered address: New Bridge Street House, 30-34 New Bridge Street, London EC4V 6BJ
Scroll To Top