News broke this week of a hack on British Airways which took place over two weeks in August—but was not disclosed by the company until now.
Reports claim that the financial information of 380,000 British Airways customers was stolen in the hack, which has been blamed on the theft of sensitive bank card verification codes.
When businesses receive payments online, the customer inputs their card verification value (CVV) code in order to verify their card and use it easily. However, merchants are not permitted to store this particular piece of information, as it allows customer bank cards to be used much more easy.
BA has stated that it does not store CVV codes, and with this in mind, representatives from high street bank RBS said:
This looks like the hack has taken place during the payments process rather than on a database.
RBS is one of several banks which has had to replace customer bank cards thanks to the hack. However, replacing the affected cards may not be enough to stop the financial data being used.
The CVV codes could have been stolen during the customer input process, or perhaps during the authorisation of the card details. The fact that the exact point of theft cannot be clarified will not bring any peace of mind to BA customers who have potentially been affected.
Indeed, some customers may not even know yet if their details have been compromised.
A spokesman from Santander said:
It usually takes a few weeks for bad people to get hold of the stolen data and to use it to try and defraud customers. Replacing the cards mitigates this risk but it does not eliminate it.
Whether or not banks can claim compensation from BA is yet to become clear, but the company is likely to face fines related to the security breach.