British Airways Data Breach

  • 20th May 2021
  • Michelle Pace
  • Cyber Crime
British Airways Data Breach

British Airways Data Breach

British Airways revealed on 6th September 2018 that it had suffered a huge data breach between August 21st and September 5th of that same year.

Up to 380,000 individuals were affected by the cybercriminal activity, in which customers paying for bookings via the website, or the BA app were diverted to a fraudulent site that captured this information. A number of personal and financial details were subsequently stolen, which included:

  • Personal names and credit/debit card billing addresses
  • Email addresses
  • Debit and credit card details including the CCV (3-digit number on the back)

British Airways confirmed at the time that no passport or itinerary details were taken during the data breach and the issue was resolved quickly, with the website working normally soon after. It was later determined that the stolen information did include login and travel details. The number of victims is also estimated to have risen to 500,000, not 380,000 initially declared by B.A.

Upon discovering the breach, BA announced:

British Airways is investigating, as a matter of urgency, the theft of customer data from its website, and the airline's mobile app. The stolen data did not include travel or passport details. The breach has been resolved and our website is working normally.

Alex Cruz, British Airways' chairman and CEO, also stated: 

We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers' data very seriously.

The National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) worked together once they were made aware of the breach, in order to ascertain the best way to handle the situation.

The Information Commissioner’s Office (ICO) fined BA £20 million in October 2020 for this data breach. This was considerably less than the initially projected fine which stood at £183.4 million.

what to do next

If you haven’t been contacted by British Airways regarding any of your BA bookings, or you booked via a third party, you will not have been a victim of the data breach. If you have been contacted by BA to inform you that your details were taken, there are a few steps you will need to perform.

Check your Notty FraudWeb to monitor your stolen details being passed on to the Dark Web, and protect your identity.

Victims of the breach have been invited to make a claim for compensation by lawyers. Mr Justice Warby gave permission back in October 2019 that a class action case could go ahead. PGMBM, a group-claim expert law firm estimates that anyone who incurred a financial loss or damages as a result of the British Airways data breach may be eligible to receive up to £2,000, although rumours say that it could be significantly less, at approximately £200 per claimant. The case will be taken on a no-win, no-fee basis with 35% of the compensation being taken as payment if the case wins. 

Anyone wishing to make a claim only has until March 19th 2021 to sign up for legal representation. You should have been contacted by British Airways if you were a victim but if you are unsure, you can ask them to investigate by clicking over to their website or calling 0344 493 0787.

how to stay safe online

With your free Notty Account, you will receive considerable benefits and further exceptional offers. 

  • We offer free FraudWeb searches and alert you if any of your personal details are discovered on the Dark Web or even for sale there. There are numerous pieces of information that we can search for you, from email addresses to your passport number. 
  • McAfee Total Protection is available at a much-reduced cost to our Notty members and can be downloaded on more than one device which is great for a family household. Keeping software up-to-date is essential in the fight against cybercrime.