Shares in IAG, the British Airways and Aer Lingus owner, fell sharply at one stage after the airline group gave details of a huge cyber attack that exposed the banking details of 380,000 British Airways customers to hackers.
The shares plunged 3% at one stage and ended 1.3% lower as British Airways apologised for the incident, which it said it had publicised as soon as it became aware of the cyber attack on bookings made between August 21 and September 5.
IAG — which also owns Veuling — has tapped the huge increase in airline business despite rising fuel costs.
Despite yesterday’s slide, the shares are still up 18% in the past year, valuing the group at £13.46bn (€14.95bn).
“BA said that the attack was a sophisticated breach of its security system but this is the last in a series of IT problems the company has had this year, including IT issues which caused flights in and out of Heathrow airport to be cancelled,” said Fiona Cincotta, senior market analyst at Cityindex.
Around 380,000 card payments were compromised, the airline said, with hackers obtaining names, street, and email addresses, credit card numbers, expiry dates, and security codes — sufficient information to steal from accounts. BA said the attackers had not broken the airline’s encryption but did not explain exactly how they had obtained the customer information.
IT security company Avast said that based on the limited information available, the attackers had probably targeted a gateway between the airline and a payment processor because no travel details had been stolen.
Additional reporting: Reuters