Hackers were able to obtain the credit card details of some 380,000 British Airways customers who booked their tickets directly from the website or an app over a two-week period.
The security breach was first discovered on Wednesday. According to Chairman and Chief Executive of BA, Alex Cruz, the bookings made between Aug. 21 and Sept. 5 had been infiltrated in a "very sophisticated, malicious criminal."
"We discovered that something had happened but we didn't know what it was [on Wednesday evening]. So overnight, teams were trying to figure out the extent of the attack," said Cruz.
The hackers stole enough data to use credit card information for illicit purposes. The stolen data included customers' names, email addresses, and credit card information.
"We know that the information that has been stolen is name, address, email address, credit card information; that would be credit card number, expiration date and the three-letter code in the back of the credit card," said Cruz.
However, the Airlines insist that the stolen data does not include travel or passport details.
British Airways has contacted all their affected customers and advised them to contact their bank or credit card provider and follow their recommended advice.
Mr. Cruz added: "At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data."
The company is ready to compensate for the financial loss incurred by any customer who is affected by the security breach.
"The moment we found out that actual customer data had been compromised that's when we began an all-out immediate communication to our customers, that was the priority," he said.
BA says, “the airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed.”