Almost 400,000 British Airways customers have had their bank card details stolen in what is reported to be one of the most severe cyber-attacks in UK history.
Worryingly, while the huge data breach started over two weeks ago, it was only detected by the airline on Wednesday night. At that time BA told its customers about the breach and reported the incident to the police.
However, with 12 days between the BA data breach occurring and the incident being detected, questions are now being asked as to whether poor systems have made this cyber-attack worse.
All 380,000 customers who booked flights online or via the BA app during that time using a debit or credit card are affected.
Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of the BA data breach.
What happened in the BA data breach?
Hackers carried out a “sophisticated, malicious criminal attack” on the BA website. BA has confirmed that the personal and financial details of customers making bookings had been compromised. In total, about 380,000 transactions were affected.
Along with the financial info stolen, it appears that the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.
Signs that criminals have used your data or financial information following the BA data breach include:
Bills or emails showing goods or services you haven’t ordered
Unfamiliar transactions from your account
An unexpected dip in your credit score
Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
If you have been affected by this BA data breach, please contact your bank or credit card provider immediately.
BA has admitted that the hackers spent more than two weeks accessing data online. This increases the risk to passengers substantially. There are also fears that customers’ details will be sold on the dark web to cybercriminals.
What has BA done about the data breach?
BA has notified the police and relevant authorities. The National Crime Agency has also been brought in to investigate this case.
The airline has also issued an email to affected customers stating that:
“From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information.
“The breach has been resolved and our website is working normally.
“We’re deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice.
“We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.
British Airways customers have rightly vented their fury at the airline, especially as it long it took them so long to notice that they had been attacked.
Customers have also taken to social media to raise concerns about how secure BA’s IT security processes are. And they are right to do so. Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.
The airline has said that compensation claims will be discussed on an ‘individual basis’. However, it is not up to BA to dictate the terms of any compensation payments.
At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.
Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.
What can you do about the BA data breach?
With investigations now underway into the data breach, if BA is found responsible for this appalling data protection failure, the airline will no doubt have to pay a hefty fine. But, while the Information Commissioner’s Office does issue fines, it does not award data breach compensation. At Hayes Connor Solicitors, our data breach solicitors can help you with that.
We have already been contacted by many British Airway customers who are worried that their personal and financial data was not looked after as carefully as it should have been.
In response, we are preparing a group action compensation claim for everyone who has had their data accessed in the BA data breach if it is found that BA have failed to adequately protect that data.
To preserve your ability to claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.
Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.
https://www.hayesconnor.co.uk/wp-content/uploads/2018/09/GOVERNMENT-DATA-BREACH-CLAIMS-1.png788940Hayes Connor Solicitorshttps://www.hayesconnor.co.uk/wp-content/uploads/2016/12/Hayes_Logo_header_300-300x110.pngHayes Connor Solicitors2018-09-07 11:15:092018-09-07 13:54:22BA customers victims of huge data breach with cybercriminals stealing bank card details