Hundreds of thousands of BA customers hacked following introduction of GDPR
British Airways (BA) has this week revealed that hundreds of thousands of customers’ personal details may have been stolen just months after the new data regulation came into force.
In a statement on its website, it said it is investigating “as a matter of urgency” the theft of flyers’ data from its online platforms.
It added that the stolen data “did not include travel or passport details”.
However, BA did not make it clear if financial information had been stolen and urged customers to contact their bank or credit card provider for advice.
The hack appears to be among the first major breaches of customer data since the introduction of the General Data Protection Regulation (GDPR), which was designed to encourage businesses to do more to protect the information they hold on customers.
The Information Commissioner’s Office (ICO), Britain’s data regulator, is now likely to intervene after a spokesperson said the Office would be “making inquiries”.
Customers have already spoken out that BA may be in breach of the 72-hour rule, in which a company must contact the regulator within three days after the discovery of a potential data breach.
Alex Neill, of consumer group Which?, said anyone concerned that they could be at risk of fraud should consider changing their online passwords, monitor bank and other online accounts and be wary of fraudulent emails.
A spokesperson for BA said: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.
“If you believe you have been affected by this incident, then please contact your bank or credit card provider and follow their recommended advice. Please check back here [the BA website] for further updates.”