British Airways app and website hack exposes full card details of 380,000 customers

Ben Lovejoy writing for 9to5Mac:

A ‘sophisticated’ attack on British Airways’ mobile app and website has exposed the names, email addresses and full credit card details of 380,000 customers.

Of particular concern is the fact that the attackers captured the three-digit CVV security codes on the backs of cards, something that should not normally be possible …

BA said that the hack gathered data on transactions made through its app and website between August 21 and September 5, reports the BBC.

“It was name, email address, credit card information – that would be credit card number, expiration date and the three digit [CVV] code on the back of the credit card,” said BA boss Alex Cruz.

BA insists it did not store the CVV numbers. This is prohibited under international standards set out by the PCI Security Standards Council.

Since BA said the attackers also managed to obtain CVV numbers, security researchers have speculated that the card details were intercepted, rather than harvested from a BA database.

The airline says only transactions made between the above dates were affected, and that all customers whose details were exposed have now been contacted. 

Shocking data breach especially with the CVV numbers being exposed. If you bought tickets/flew via British Airways between the dates above, then contact your bank ASAP.