British Airways Data Breach Compromises 380K Cards

anthem-data-breach

British Airways announced that it was hit by a customer data breach on its website and mobile app, which affected around 380,000 card payments. The airline told CNBC that the breach took place from Aug. 21 to Sept. 5 and is now resolved. The hack has been reported to the authorities, including the U.K. Information Commissioner’s Office. British Airways said the stolen data did not include travel or passport details.

“We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously,” said Alex Cruz, British Airways’ CEO, according to Financial Times.

The airline advised any customers who believe they may have been affected by the incident to contact their banks or credit card providers.

This is just the latest breach to hit an airline. In fact, there were 1,000 cyberattacks on aviation systems every month during 2016, according to the European Aviation Safety Agency. That same year, Vietnam Airlines had to complete its operations at airports by hand after hackers took down its website. Last year, LATAM Airlines and Ukraine’s Boryspil airport were both hit by ransomware.

In addition, just last week, Air Canada confirmed that its mobile app suffered a data breach, which affected approximately 20,000 people — or about 1 percent of the 1.7 million people who use the app. The company said it detected “unusual login behavior” between Aug. 22 and Aug. 24. In an email to customers, Air Canada said hackers may have accessed profile data, such as email addresses and phone numbers, as well as more sensitive data that users added to their accounts  passport numbers, expiration dates and country of issuance; NEXUS numbers for travelers; gender, dates of birth and in which country users reside. However, credit card data was not compromised in the breach.

In April, Delta Air Lines disclosed that payment information of some of its customers could have been exposed as part of a data breach at [24]7.ai, the software provider.