
Cyber Incident Victim: British Airways

Date: Aug 2018

Location: United Kingdom

Summary

British Airways suffered a significant cyberattack resulting in the theft of approximately 380,000 customers' personal and financial payment details. The airline initiated an urgent investigation and alerted law enforcement authorities following the breach, which compromised sensitive customer data on a large scale. The incident impacted payment information alongside other personal identifiers, necessitating immediate response measures to address the security compromise.


Description

British Airways disclosed a significant cybersecurity incident on September 6, 2018, involving the theft of customer payment details. The breach occurred over a two-week period in August 2018, with the attack compromising approximately 380,000 customer records containing personal and financial information. The airline initiated an urgent investigation upon discovering the breach and promptly notified law enforcement authorities, including the UK National Crime Agency and the Information Commissioner's Office. Affected customers included those who made bookings through British Airways' website and mobile app between August 21 and September 5, 2018. The stolen data encompassed payment card numbers, expiration dates, and card verification value (CVV) codes, along with customer names, billing addresses, and email addresses.

The breach represented one of the most substantial data theft incidents in the UK aviation sector at the time, directly impacting nearly 380,000 payment cards. British Airways immediately began notifying affected customers via email, advising them to contact their banks or credit card providers. The company committed to covering financial losses suffered by customers as a direct result of the breach. While the exact method of intrusion wasn't publicly detailed, the attack specifically targeted the airline's digital booking systems. The incident prompted widespread media coverage and regulatory scrutiny under the newly implemented General Data Protection Regulation (GDPR), which carried potential fines of up to 4% of global turnover for data protection failures. British Airways maintained operational continuity for flights and airport services throughout the incident response period.
