British Airways, one of the largest airline companies in the United Kingdom, is facing an all too familiar scandal in 2018.
The airline this week confirmed that, from Aug. 21 to Sept. 5, details of customers making or changing bookings on their website and app were compromised.
Financial and personal data has been stolen from potentially hundreds of thousands of British Airways customers who booked online in recent weeks.
The company discovered the breach this week.
Approximately 380,000 transactions were affected, with names, email addresses, credit card numbers, expiration dates, and the three-digit code (CVV) on the back of the card being accessed.
BA claims it did not store CVV numbers -that’s banned under international standards – card details were probably intercepted, rather than harvested from a BA database.
IAG said the data breach had been resolved and the website was working normally, and that no travel or passport details were stolen.
British Airways says it has been communicating with all affected customers and advising them to contact their banks or credit card providers.
However, some customers claim they had not been contacted and found out via the news or Twitter.
Answers on exactly how the criminals were able to steal the credit card information are few and will likely require British Airways or a third-party security contractor to divulge details.
The airline has launched an investigation and notified police and other relevant authorities.
It could face fines up to 4 percent of global revenue under GDPR, which works out to approximately $646 million.