Global Travel Media » Blog Archive » Credit card info stolen from 380,000 BA direct bookers

Home » Headline News » Currently Reading:

Credit card info stolen from 380,000 BA direct bookers

September 10, 2018 Headline News No Comments Email Email

In a “sophisticated, malicious attack” that targeted payment cards, cyber-criminals have stolen personal and financial information from 380,000 customers who booked direct online with British Airways.

The crime, described by BA chief Alex Cruz as “a very sophisticated, malicious attack”, let criminals obtain the personal and financial details of customers who made bookings on BA’s website or app over a two-week period: between 22:58 BST 21 August 2018 and 21:45 BST 5 September 2018. The bookings could have been made from anywhere, including Australia.

Cruz said the airline was “deeply sorry for the disruption that this criminal activity has caused”. BA is urging customers affected to contact their banks or credit card providers.

The attack is embarrassing for BA as it relates to another failure of the airline’s IT systems. Thieves are believed to have got the numbers, expiry dates and security code or “Card Verification Value” (CVV) on the back of the cards. There is controversy over the CVVs as they are not meant to be stored.

In June, thousands of BA customers had their tickets cancelled and refunded because of an IT glitch. Something similar but on a smaller scale happened the following month. Last year, a problem blamed on a power outage caused part of the airline’s IT system to collapse and cancel hundreds of flights over a busy bank holiday weekend. 

In an issued statement on the latest incident, BA said:

“No British Airways customer will be left out of pocket as a result of this criminal cyber attack on its website,, and the airline’s mobile app.

“The airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed, and is recommending that customers contact their bank or card provider if they made a booking or change to their booking between 22:58 BST August 21 2018 and 21:45 BST September 5 2018.

“We understand that this incident will cause concern and inconvenience. We have contacted all affected customers to say sorry, and we will continue to update them in the coming days. British Airways will not be contacting any customers asking for payment card details, any such requests should be reported to the police and relevant authorities.”

For more, see BA’s bulletin on the incident here.

Written by Peter Needham

Comment on this Article:

Platinium Partnership



Premier Partnership Sponsors


Official Media Event Partner


Global travel media endorses the following travel Publication




%d bloggers like this:
%d bloggers like this: