, , ,

BA admit to second cyber attack

british airways

Last week, we reported that a second cyber-attack had hit British Airways. The hack took place between April 21 and July 28 and was only uncovered as the airline was investigating another breach of its website which occurred in September.

August – September Data Breach

According to an update on the British Airway’s website, the company is investigating, as a matter of urgency, the theft of customer data from its website, ba.com, and its mobile app.

BA states that you may have been affected if you made a booking or paid to change your booking with a credit or debit card on ba.com or the mobile app between 22:58 BST August 21 2018 until 21:45 BST September 5 2018. It also recommends that you contact your bank or credit card provider and follow their advice.

You can find more details on the Aug-Sept BA data breach here.


April – July Data Breach

A further update on the BA website says: “Since our announcement on September 6, 2018 regarding the theft of our customers’ data, British Airways has been working continuously with specialist cyber forensic investigators and the National Crime Agency to investigate fully the data theft. We are updating customers today with further information as we conclude our internal investigation.”

It continues: “The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified”.

You can find more details on the Apr-Jul BA data breach here.


What was stolen?

The stolen data included some payment card numbers, expiry dates, and card verification value (CVV) numbers. In addition, in both cases, the hackers also gained access to personally identifiable information (PII) including names, addresses, and email addresses.

PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

It appears likely that both attacks were carried out by the same hackers, and could have gone on for months. There are also fears that customers’ details could be sold on the dark web to cybercriminals.

BA has said that it will contact everyone affected by both data breaches. If you have been told your data is at risk you should:

  • Contact your bank or card provider
  • Beware of fraudsters claiming to be British Airways who attempt to gather personal information (phishing). BA has said that it will NOT be contacting any customers asking for payment card details
  • Report any such requests to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Beware of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on any accounts that use the same passwords as your BA account.

Compensation for the BA data breaches

British Airways has previously promised to compensate any customers who suffer “financial hardship” because of the breach.

However, it is not up to BA to dictate the terms of any compensation payments. What’s more, in the UK it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Join our BA data breach group action

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of both BA data hacks.

Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

To join our group action, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to thousands of pounds in compensation.




0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply