The carrier had revealed overnight that the personal and financial details of customers making bookings on the BA website and mobile phone app between August 21 and September 5 had been stolen.
British Airways will pay compensation to customers whose data was been stolen by a “sophisticated” and “malicious” hacking attack, its boss said Friday.
BA has launched an urgent investigation into the data breach which involved 380,000 bank cards. The stolen data comprised customer names, postal addresses, email addresses and credit card information. The 15-day hack did not involve travel or passport details and the breach has now been fixed.
BA took out full-page adverts in the UK newspapers on Friday to apologies, while shares in parent group IAG slid three percent in early morning London deals.
“We’re extremely sorry for what has happened,” Cruz said Friday.
“There was a very sophisticated, malicious, criminal attack on our website.”
He added that the company first became aware that something had happened on Wednesday evening.
“The moment we found out that actual customer data had been compromised, that’s when we began an all-out immediate communication to our customers. That was our priority.”
Police and relevant authorities have meanwhile been notified. The National Crime Agency said it was assessing the matter, while the Information Commissioner’s Office added it would also be making enquiries.
Anyone who believes that they may have been affected is advised by BA to contact their bank or credit card provider and follow their recommendations.
The airline added that customers due to travel could check in online as normal. IAG also owns Spanish carriers Iberia and Vueling, as well as Irish airline Aer Lingus.