British Airways has confirmed a security breach and the unauthorized access of thousands of frequent flyer accounts, but remains sketchy on the details.
Over the weekend, the airline admitted that tens of thousands of frequent flyer accounts have been compromised, resulting in accounts being frozen until the issue is resolved. In turn, it is unlikely that flyers will be able to cash in or spend their points until the problem has been solved.
A company spokesperson told The Guardian that no personal information is believed to have been stolen, and no data such as names, addresses, credit card details, travel histories or other personal identifying information has been accessed. The spokesperson said:
"British Airways has become aware of some unauthorised activity in relation to a small number of frequent-flyer executive club accounts. This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts."
It is currently not known who is behind the system intrusion.
While the British Airways frequent flyer club attracts thousands of members as it is free to join, the hack has only impacted on a small fraction of users. However, on Twitter, some flyers have been voicing their concerns. In one exchange, a flyer complained their Avios -- the frequent flyer points currency spent on flight upgrades and services -- had been stolen. According to forum posts, many account points have been set to zero or customers locked out entirely.
In an email to some of those affected, the UK-based firm said accounts have been placed in lockdown to protect them from further access, and passwords have also been changed and require resets. Avios points have also been temporarily suspended. BA told customers:
"We are sorry for the concern and inconvenience this matter has caused and would like to reassure customers that we are taking this incident seriously."
The airline says the security issues are likely to be resolved in the next few days.
ZDNet has reached out to British Airways and will update if we hear back.
Read on: In the world of security
- Yahoo launches password-free logins
- Feds hot on the trail of JPMorgan hackers
- EquationDrug: Sophisticated, stealthy data theft for over a decade
- Symantec research highlights security failures in the connected home
- New CryptoLocker ransomware targets gamers
Read on: Fixes and Flaws