, , ,

BA hit by second cyber attack leaving thousands of customers at risk

A second cyber-attack has hit British Airways. The hack was discovered while the airline was investigating another breach of its website which occurred in September.

It appears that the earlier attack took place between April 21 and July 28. Over 185,000 people could have had their payment card details stolen.

Two separate groups of customers have been affected by the latest BA data breach:

  • 77,000 people have had their names, addresses, email addresses and detailed payment information taken. This includes card numbers, expiry dates, and card verification value (CVV) numbers
  • 108,000 people have had their personal details stolen, but not their payment card CVV numbers.

The hack went undetected for months; meaning BA customers have been exposed to fraud all this time. It appears likely that both attacks were carried out by the same hackers and there are fears that customers’ details will be sold on the dark web to cybercriminals.

A breach of the BA website in September affected 380,000 transactions. As in this latest case, along with the financial info stolen, the hackers also gained access to personally identifiable information (PII).

PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

BA has said that will contact everyone affected by the latest data breach.

What is happening now?

The September BA data breach is currently being investigated by the Information Commissioner’s Office and the National Crime Agency. It is possible that the airline could face huge fines as the violation occurred after the introduction of the General Data Protection Regulation which imposes strict data protection rules on organisations. This latest breach will also of interest to the regulators.

What should you do to protect yourself?

Signs that criminals have used your data or financial information following either of the BA data breaches include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

If you believe you have been affected by either BA data breach, please contact your bank or credit card provider immediately.

Compensation for the BA data breaches

Alex Cruz, the chairman and chief executive of British Airways, has previously promised to compensate any customers who suffer “financial hardship” because of the breach.

However, it is not up to BA to dictate the terms of any compensation payments.

What’s more, in the UK it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Join our BA data breach group action

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of both BA data hacks.

Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

To join our group action, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.


1 reply

Trackbacks & Pingbacks

  1. […] week, we reported that a second cyber-attack had hit British Airways. The hack took place between April 21 and July 28 and was only uncovered as the airline was […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply