British Airways vows to compensate passengers after data breach

British Airways has vowed to compensate passengers affected by the theft of personal information from its website, as customers expressed anger over the company’s response to the data breach.

BA disclosed on Thursday night that hackers had stolen data relating to about 380,000 customers from its website and mobile app during a two-week period beginning on August 21, at the height of the summer holiday season.

One Twitter user said he was “shocked” that BA’s call centre had not known about the hack when he contacted it, while another said it was “disappointing” that they had found out about the breach from tweets and online news rather than from BA directly.

BA emailed customers overnight — several hours after it announced the breach to the authorities — advising them to contact their bank “and follow their recommended advice”.

Barclays said it would be monitoring customer accounts in light of the data breach, and would issue new cards to those affected.

On the BBC’s Today programme on Friday, chief executive Alex Cruz said the airline was “100 per cent committed to compensate” passengers who had suffered a financial loss because of the “sophisticated” hack.

Shares in IAG, BA’s parent group, fell 3.5 per cent at the start of London trading on Friday but later recovered slightly to a drop of 2.9 per cent.

The airline said personal and financial details were stolen but the information not did not relate to travel or passports. BA said it had resolved the breach and had contacted affected customers and notified the authorities, including the UK Information Commissioner’s Office.

Since the breach happened after the introduction of the General Data Protection Regulation, if BA had not told the ICO within 72 hours it would have been liable for fines of up to 4 per cent of annual turnover or €20m.

A spokesperson for the ICO said: “British Airways has made us aware of an incident and we are making enquiries.” The National Crime Agency also said it had contacted BA, while the Financial Conduct Authority said it was examining the hack.

BA also took out full-page advertisements in UK newspapers on Friday, beginning with the words: “We are sorry.”

Alex Neill, managing director of home products and services as consumer advice company Which?, said: “Anyone concerned they could be at risk of fraud should consider changing their online passwords, monitor bank and other online accounts and be wary of emails regarding the breach as scammers may try and take advantage of it.”

Alex Paterson, analyst at Investec, said BA’s promptness and transparency would reassure markets. “It’s helpful for them, but I don’t think it’s going to have a huge impact on value because it doesn’t seem that BA has done anything wrong,” he said.

It is the second big technical failure under Mr Cruz, who became BA’s chief executive and chairman in April 2016. The airline’s global IT system crashed in May 2017, grounding flights and leaving thousands of passengers stranded at the start of one of the busiest weekends for travel in the UK.

Mr Cruz has also had to deal with industrial action from cabin crew staff, who went on strike for 85 days last year over pay and bonuses. BA had to hire aircraft and crew to ensure flights were not disrupted.

Simon Shooter, a partner at law firm Bird & Bird, said BA could fall foul of the Network and Information Systems Directive, which came into force in May and says “operators of essential services”, such as BA, had to demonstrate that they had taken measures to manage risks to their network and information systems.

Mr Shooter said fines for the most serious contraventions went up to £17m, but this tended to involve an incident “resulting in an immediate threat to life or significant adverse impact on the UK economy”.

International airlines have been a common target for hackers. In April, Delta Air Lines said one of its suppliers had been the victim of a data breach, while last week Air Canada said its mobile app had been breached, potentially affecting 20,000 people.

Additional reporting by Naomi Rovnick, Aliya Ram and Tanya Powley

Let's block ads! (Why?)