British Airways is continuing to investigate the theft of customer data and warns that fraudsters pretending to be from the airline may try to gather more personal information.
‘We are investigating, as a matter of urgency, the theft of customer data between 22:58 BST August 21 2018 until 21:45 BST September 5 2018 from our website, ba.com, and our mobile app,’ British Airways said. ‘Our website is now working normally.’
‘Customers should also be aware that fraudsters may be claiming to be British Airways and attempt to gather personal information by deception (known as ‘phishing’).’
‘We will not be contacting any customers asking for payment card details and any such requests should be reported to the police and relevant authorities.’
Remain vigilant to potential fraud
The United Kingdom’s National Crime Agency (NCA) said specialist officers from its National Cyber Crime Unit are managing the ongoing investigation and are working with the airline to gain a better understanding of the incident.
‘Our investigations into these types of incidents are often complex and take some time before the full details can be established,’ NCA said.
‘We know that ‘opportunist’ criminals often use incidents like this to conduct secondary fraud attacks. Anyone who thinks they may be affected should remain vigilant of potential fraudsters seeking access to personal details.’
British Airways said it had emailed over 380,000 customers to notify them of the data theft and advised all customers who made bookings or changes to their bookings with ba.com or the mobile app during that period of time to contact their bank or credit card provider.
More information is available from British Airways.
You can also read the NCA’s full statement and advice.
Any affected Australians should consider monitoring financial accounts for suspicious transactions, especially during the period the data breach took place, and contact your bank immediately if you suspect any fraudulent activity. BA customers are warned that fraudsters may attempt to contact you pretending to be from BA seeking additional personal information.