Vulnerability Assessment

Here’s everything you need to have a whale of a time at someone else’s expense: name, address, credit card number, card expiration date, three-letter security code.

The sophisticated and malicious hackers that targeted British Airways were able to get their hands on all those details, intercepting 380,000 transactions in total. They also picked up customers’ email addresses. Bonus!

The BA Security Breach: What are the facts?

The attackers did not get customers’ passport details or itinerary information. But that’s really not going to come as much comfort to those affected. It amounts to saying: “We’ve just hit you in the stomach, but here, have a paracetamol because it could have been worse.”

Except that it gets worse. Here’s another gut punch: the breach took place between 21 August and 5 September. So it was active for just over two weeks. BA was informed of it by “a third party”, thought to be another airline targeted with a high volume of attempted fraudulent transactions.

And here’s another: customers have been taking to social media, and the airwaves, to say they found out about this stuff not from BA but via the news media, Twitter and other outlets.

Some of those who were contacted received emails that landed in the early hours of the morning. If you’re like me you probably get a lot of guff in your inbox so something coming from a business at that time could all too easily get missed.

Faced with all this, the natural inclination of many people has been to attempt to cancel and replace their cards – forget the “watch your account and if nothing happens don’t worry about it” advice.

But that’s just left them with the frustration of dealing with another industry, banking, that takes a decidedly slapdash approach to customer service: “We are experiencing a high volume of calls at the moment. Please hold the line. Your call is important to us.”

A country that works for everyone, said Theresa May. Here is yet another example of the vast gulf between her rhetoric and everyday reality.

This latest incident comes just a couple of months after a major Ticketmaster hack and another at Dixons Carphone, the electronics retailer.

They all bear striking similarities: delays in the hack coming to light, poor communication after the event (I was caught up in the Ticketmaster occurrence and can testify to that), apologies from executives that sound less than sincere if you find yourself on the receiving end.

It really isn’t good enough.

The affair has hit the share price of BA’s owner IAG, which was trading down 3 per cent at the time of writing, good for £400m off the company’s market value. It’s important that investors have apparently taken the issue seriously, all the more so at a time when the company has been trying to repair its frayed relations with the people who fly with it.

But such falls often prove transitory.

The money required to compensate customers who lose out through fraudulent transactions is real and may have a meaningful impact on BA’s results. Shareholders, accustomed to the ups and downs of stock prices, will likely pay more attention to that, not to mention the potential damage to the company’s reputation.
