British Airways to compensate passengers over data theft

Airline may be first high-profile company to run afoul of Europe’s data privacy rules

British Airways has vowed to compensate passengers affected by the theft of personal information from its website, as customers expressed anger over the company's response to the data breach.

BA disclosed on Thursday night that hackers had stolen data relating to about 380,000 customers from its website and mobile app during a two-week period beginning on August 21st, at the height of the summer holiday season.

The airline could yet become the first high-profile company to run afoul of Europe’s far-reaching data privacy rules – and face potentially hefty fines. The European Union’s General Data Protection Regulation, or GDPR, which took effect in May, mandates that companies have to take technical precautions such as encryption to ensure client data is protected.


It also states that firms must notify authorities about breaches within 72 hours after learning about them. Violations can be punished with as much as 4 per cent of a company’s annual sales, which for BA could reach about £489 million based on 2017 figures.

The hackers at BA got away with account numbers and personal information of customers making reservations on the carrier’s website and mobile app.

Chief executive Alex Cruz has apologised to customers in a letter and urged them to contact their bank or credit card provider. – Copyright The Financial Times Limited 2018 / Bloomberg