British Airways have just revealed that from 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of 400,000 customers making bookings on ba.com and the airline’s app were compromised.
It appears that hackers may have taken identity information and card details, but not passport details.
The level of protection applied to many airline websites is frankly dire. I’ve only come across one – Finnair – that uses two factor authentication – websites like BA, Virgin Atlantic and so in have low level password and security protection.
Virgin for example actually limit the character types and length so severely the password is almost a waste of time.
Let this be a wake up call to all airlines that their security is generally weak and customers will need to adapt to protect their data – and so will airlines who value customer ease of use above security.