British Airways has promised to compensate customers following a major hack that compromised the bank card information of around 380,000 customers.
The airline was hit by a “very sophisticated malicious criminal attack“ on its website and app between 21 August and 5 September.
Chief executive Alex Cruz says the company is “100% committed” to compensating customers who have had financial information stolen.
“We will compensate them for any financial hardship that they may have suffered,” he told the BBC.
Enough information was stolen to allow criminals to use credit or bank card information, Mr Cruz said.
BA confirmed details of the data breach on Thursday evening and began notifying customers.
The airline is investigating “as a matter of urgency” and the national Cyber Crime Agency and national Cyber Security Centre have been brought in.
Information stolen includes customer names, email addresses, home addresses and payment card information – but not travel or passport details.
Mr Cruz said the company had been quick to notify customers.
“The moment we found out that actual customer details had been compromised, that is when we began an all-out immediate communication to our customers, that was the priority,” he said.
Shares in British Airways owner IAG dropped more than 4% as the London market opened, wiping more than £500m off the airline group’s market value.
The airline is facing a backlash from customers who have had to cancel cards following the 15-day data breach.
Some contradicted Mr Cruz’s comments, saying the first they knew of the breach was on the news and through social media.
Customers rushed to social media and helplines after BA urged those who suspect they may have been affected to contact their bank or credit card provider.
Mat Thomas said he placed a booking on 27 August, but had not been contacted over the breach.
“Atrocious that I had to find out about this via news and twitter,” he tweeted. “Called bank and had to cancel both mine and my wife’s card. Probably won’t get it back before we fly (ironically).
“Terrible handling of the situation as I’ve still not received an email from BA!”
Gemma Theobald said she booked on Sunday and only knew about the breach when she went on Twitter.
She tweeted: “My bank… are experiencing extremely high call volumes due to this breach! Couldn’t do anything other than cancel my card… not how I wanted to spend my Thursday evening.”
Michelle Dewberry, presenter of the Sky News debate programme The Pledge, travelled to Vietnam with the airline and tweeted to say she only found out what had happened on the news.
Furious @British_Airways Found out re data breach from news, before you had the decency to tell me yourself I was likely affected. I’m travelling alone in Vietnam & have had to put stop on the card, which makes me vulnerable & I’m now spending precious hol time trying to resolve
— Michelle Dewberry (@MichelleDewbs) September 7, 2018
“I’m travelling alone in Vietnam & have had to put stop on the card, which makes me vulnerable,” she said in her tweet.
BA is the latest major UK company to report such an attack – seemingly the largest since the owner of Currys PC World, Dixons Carphone, admitted in early summer that millions of its customers had been hit by a data breach.
The theft is also likely to lead to a union backlash after criticism of the airline’s decision to outsource IT work to India.
The issue came to the fore after a costly IT failure last year that left 75,000 passengers stranded.
From – SkyNews