British Airways is scrambling after a data breach compromised payment and personal information for more than 380,000 customers.
The security breach, which happened between Aug. 21 and Sept. 5, is the worst that the airline has ever seen, affecting people who booked through its website and its mobile app. Though personal and financial details were compromised, British Airways said no passport information was leaked.
It is thought the number of payments compromised could be up to 400,000 and BA confirmed Friday morning hackers had obtained names, addresses, credit card numbers, expiry dates and the three-digit security codes on the backs of cards – plenty to make a fraudulent payment.
Alex Cruz, BA’s chairman, revealed the hackers were “very sophisticated criminals” who had not hacked the company’s encrypted data, but rather gained “illicit access” to the airline’s system.
On Thursday, British Airways tweeted the news: