Earlier this week, we told you about the data breach that involved the major airline Air Canada.
Air Canada said that credit card data was not at risk, but that names, email addresses, and phone numbers of around 20,000 accounts were compromised.
Now, it looks like another major airline data breach has been discovered and this time, a significantly higher number of account details may have been stolen.
Are you affected? Read on and learn all the details of the latest airline data breach.
British Airways hacked
British Airways, the largest UK-based airline, has just confirmed that it has suffered a data breach.
The London-based company acknowledged that hackers stole customer information from its official website, ba.com.
The airline has not revealed much about the breach, but it disclosed in an official statement that the personal and financial details of customers who made flight bookings on BA’s site or app between Aug. 21 and Sept. 5 were compromised.
This means the breach continued on for two weeks and the hackers managed to steal around 380,000 card payment details. BA said that the breach did not include travel or passport details.
The company also announced that the breach has been resolved and its website is now working normally.
Are you affected?
British Airways stated that it has notified the police and has launched an urgent investigation of the breach.
The company has also started notifying affected customers who booked flights through ba.com or the airline’s app, urging them to contact their banks and credit card providers.
“British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice,” BA said in a statement.
But has the company done enough? According to some BA customers, the airline has not contacted them directly about the breach.
With the new European General Data Protection Regulation (GPDR) protection rules already in effect, the company may be facing stiff fines.
According to the new rules, companies are required to inform officials within 72 hours of being made aware of a data breach. And if the breach is likely to “adversely affect an individuals’ rights and freedoms,” these individuals must also be informed without “undue delay.”
What to do after a data breach
Whenever a major data breach like this occurs, there are standard security steps that we should all take.
- First, you should already be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately to your bank. It’s the best way to keep your financial accounts safe.
- Scammers will try to piggyback on data breaches like this. Beware of phishing scams that pretend to be from affected companies like banks, credit bureaus, credit card companies and even British Airways itself.
- It’s also a good time to audit your online accounts and passwords. This is especially true if you use the same credentials for multiple websites.
- Lastly, if you think you are already compromised, put a credit freeze on your accounts as soon as you can.