British Airways Data Breach – August 2018

Just under four months after the General Data Protection Regulations (GDPR) were introduced, British Airways found themselves at the centre of a 15-day data breach which compromised near to 380,000 card payments and could have led to serious financial losses for its customers. BA confirmed on 23rd August 2018 that the ‘theft of customer data’ had occurred between 22:58 BST August 21st and 21:45 BST September 5 2018 from their website ( as well as their mobile app.

Customers who made bookings, or paid to change their bookings through the website or app during this time period were recommended to contact their banks or credit card providers for further advice. Although no exact number was confirmed, it’s thought that the personal details (of up to 400,000 people could have been breached by hackers. Whilst these details did not include passport or travel details, hackers did acquire names, billing addresses, email addresses and all the bank details required to make online payments, leaving customers open to card fraud and phishing scams.

British Airways’ chairman, Alex Cruz, made a statement declaring that the hackers were a team of ‘very sophisticated criminals’ who gained illicit access to that airline’s system. This covert form of hacking, known as ‘card-skimming’, is though to be the same technique used in the Ticketmaster breach in June 2018. The similar tactics employed in both cases is leading researchers to believe that the hacking group Magestaff could be behind the thefts.

If you were affected by the British Airways data breach then you have the right to sue for compensation. Send us a message using the form below to get your case started.

Data Breaches Help is run by Cobleys Solicitors Ltd., one of the largest specialist litigation practice on Merseyside and recommended by The Times as one of the Top 200 Law Firms in the UK.