The boss of British Airways has confirmed payment data stolen from its website and mobile app included enough bank card and personal details for criminals to access BA customers’ money.
Speaking to Radio 4’s Today Show on Friday, BA chief executive Alex Cruz elaborated on what he described as a “sophisticated, malicious, criminal attack” on the airline’s payment systems.
The airline on Thursday evening confirmed data relating to around 380,000 ba.com and mobile app transactions made between 11pm on August 21 and 10pm on September 5 had been compromised.
Cruz though admitted the airline first knew about the attack on Wednesday.
“We have a network of partners monitoring continuously what happens to websites across the world,” he said. “We got a signal from one of those partners. It took us a number of hours to go through it.
“The moment we found out actual customer data had been compromised, we began an all out, immediate communication to our customers. That was our priority. We are extremely sorry for what has happened - we know it is causing concern to some of our customers, especially those that booked by ba.com and our app.”
Cruz confirmed names, addresses, email addresses, card numbers, expiry dates and three-digit CVC codes had been stolen.
When asked if enough information had been stolen for these cards to be used, Cruz answered simply: “Correct.”
He added though that no itinerary information, frequent flyer data or passport data has been compromised.
Cruz said BA was “100% committed” to compensating anyone whose card is used illegally following the breach.
“We are going to work with any customer who may have been financially affected as a direct result of this attack,” he said. “We will compensate them for any financial hardship they suffer.”