, ,

BA one of many airlines to expose sensitive passenger information

BA data breach

A vulnerability with British Airway’s e-ticketing system has exposed sensitive passenger information. This flaw could allow a “malicious actor” to change the flight booking details and personal information of passengers. It also means that customer information could be exposed and fall victim to cybercriminals. The data at risk is thought to include:

  • Email addresses
  • Phone numbers
  • Membership numbers
  • First and last names
  • Booking references, itineraries, flight numbers, flight times, seat numbers and baggage allowances.

Worryingly, BA is not alone. Similar security bugs have also been found at several other airlines. This includes Southwest, KLM, Air France, Jetstar, Thomas Cook, Vueling, Air Europa and Transavia.

Speaking about the risk to passengers, Israel Barak, chief information security officer at cybersecurity company Cybereason, said: “For the consumer flying with British Airways, or with other carriers, they should be working under the assumption that their personal information has been compromised many times over.“

Is British Airways taking this e-ticketing data breach seriously?

Shockingly, it doesn’t seem to be. In fact, while the flaw was discovered in July, the researchers who found it (and whole told BA about it), claim that the problem still exists. This is particularly galling as, just a few weeks ago, the ICO announced plans to fine British Airways a whopping £183.93 million for ANOTHER data breach.

Questions must be asked about what it will take to make BA meet its legal responsibilities and protect its passengers.

Who has been affected by the BA e-ticketing data breach?

It is estimated that 2.5 million connections were made to the affected British Airways domains over the past six months. So, the potential impact is thought to be “significant.”

Cybersecurity scandals have plagued British Airways

Airlines must take action to ensure that all steps where personal information is accessible are secure. And for BA, with a history of data protection failures, this must become an urgent priority.

  • In September 2018, approximately 380,000 card payments were compromised after BA’s website and mobile app suffered a security breach
  • When investigating this case, a second data breach was also uncovered. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. Also, a further 108,000 people had their personal details stolen.

Can you make a BA data breach claim?

At Hayes Connor Solicitors, we are helping hundreds of BA passengers to claim compensation following the 2018 BA data breach.

However, at the moment, it is unclear if the exposure of personal and sensitive data in this latest breach has led to any customers suffering losses as a result. If you feel that you may have been affected, and have evidence of any loss or fraudulent activity, please let us know. We’ll keep you informed about this case and let you know if, and when, you can claim.

You can also contact us if you are worried that your data has been exposed by another airline.

The BA data breaches were able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.