British Airways boss promises compensation for customers hit by data breach

Sign up to Simon Calder’s free travel email for expert advice and money-saving discounts

Get Simon Calder’s Travel email

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

British Airways’ chief executive Alex Cruz has apologised to customers for the theft of payment card data and pledged compensation for all those affected.

The details of 380,000 cards were taken by hackers during a major security breach of the company’s website and mobile app between 21 August and 5 September.

Mr Cruz said a “sophisticated, malicious criminal attack” had taken place.

He promised BA would “100 per cent” compensate any customers who had lost money as the result of any fraud found to have taken place.

“We are extremely sorry for what has happened,” the chief executive told the BBC. “We know it has caused concern to some of our customers.

“Our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data.”

Mr Cruz revealed BA customers’ names, addresses, email addresses, card numbers and three-digit codes were stolen during the two-week breach. No flight information or passport details were taken by the hackers.

“We are 100 per cent committed to compensate them,” Mr Cruz said of affected customers.

“We are going to work with any customer that may have been affected, financially affected, as a result of this attack. And we will compensate them for any financial hardship they may have suffered.”

Mr Cruz said the company first discovered the attack on Wednesday night.

“The moment we found out that actual customer data had been compromised, that’s when we began an all-out, immediate communication to our customers,” he said.

BA was criticised for the speed of the response after discovering the data breach.

Mr Cruz said calls were made immediately to some customers and announcements were made on the company’s social media channels. Emails then began to be sent out to customers on Thursday afternoon. “We did it as absolutely as soon as we can,” he said.

The company took out adverts apologising for the hacking incident in some of Friday’s newspapers.

The airline could still face a fine from the Information Commissioner’s Office. A cyber attack suffered by TalkTalk in 2015 affecting fewer than half as many customers led to a record £400,000 fine.

A “power outage” that brought down BA’s information systems in May 2017 cost the company £80m after hundreds of flights had to be cancelled over a bank holiday weekend.

Shares in BA’s owner IAG fell by more than 4 percent early on Friday.

“We will get through this, without any doubts,” said Mr Cruz.