British Airways used to brag that “We’ll take more care of you,” but it hasn’t been taking enough care of its customer data.
Hackers stole the credit card and contact data of 380,000 British Airways customers, the airline’s owner IAG (ICAGY) announced Thursday. The data came from customers who made purchases between 10:58 p.m. BST (5:58 pm. ET) August 21 and 9:45 p.m. BST September 5.
British Airways says its website and mobile app are back to normal and that it is contacting affected customers. In the meantime, it encourages customers to contact their bank and credit card issuers.
Customer travel and passport information remains secure, the airline said in its statement.
A third party detected “unusual activity” and notified British Airways, Gizmodo reports, so there may be an independent report on the details in the future.
The airline has suffered previous technology problems that forced it to cancel flights in May and again in August this year, affecting IAG’s stock price. This month’s data breach has not affected scheduled flights.
Alex Cruz, British Airways’ Chairman and Chief Executive said: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
If European data regulators decide that the airline doesn’t take customer data protection seriously enough, they could fine it up to 4% of annual revenue under the recent General Data Protection Rules (GDPR).