British Airways staff have bank details exposed in latest cyber security breach  

British Airways plane grounded on a runway

UK staff of British Airways have had their bank, contact details, and national insurance numbers accessed by hackers. Around 34,000 UK employees could now be at risk of phishing, theft, fraud, and other attacks. If you receive notification that you are affected by the British Airway’s data breach, register below to make a no-win, no-fee compensation claim.

Crucially, an employer cannot fire you or harm your career in any way if you make a claim. British Airways would be breaking employment law if it did, and any action could be classed as discrimination.

How did the latest British Airways data breach happen?

The data breach happened after hackers – believed to be part of a Russian crime group – exploited a security flaw in the MOVEit software. The breach affects several global organisations that use this software.

Payroll provider Zellis is one organisation affected. Zellis provides payroll support services to hundreds of companies in the UK, including BP, Coca-Cola, GSK, Tesco and Vodafone. Eight of its clients are said to be impacted by the breach, including British Airways.

The MOVEit file transfer software claims to provide secure and compliant file transfers for sensitive data within and between organisations. However, the vulnerability – which was flagged by the U.S. Cybersecurity and Infrastructure Security Agency – has been exploited by cybercriminals.

Commenting on the breach, a spokesperson for BA said:

“We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit,”

“This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”

As well as British Airways, some of the world’s largest organisations, 1,700 software companies, and some 3.5 million developers are believed to use MOVEit. In the UK, Boots and the BBC are also thought to have been affected by the hack.

Staying safe after the British Airways employee data breach

As stolen information is often used by cybercriminals, British Airways employees are at risk of cyber fraud and scams. As such, BA employees should take immediate steps to protect themselves. 

Protect your finances following the BA data breach  

Information stolen in breaches is often used to commit cybercrimes. Privacy violations have resulted in fraud, blackmail, and identity theft, so data breach victims are at high risk of being targeted by cybercriminals.  

Watch out for further attacks and attempts to extract additional information from you 

Phishing fraudsters contact you using emails, texts, and other forms of communication. They disguise themselves as someone you trust. Their goal is to trick you into giving them your personal information (e.g. usernames, passwords, credit card details, etc.) and steal from you. Phishing often happens following a data breach, as criminals use the data exposed in breaches to trick people into believing they are genuine. 

A history of data breaches at British Airways

This is not the first time BA has been affected by a data breach. In 2018, almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. The breach happened when hackers managed to access the British Airways website and mobile app. Cyber-criminal gang Magecart is believed to be behind the British Airways data breach.  

Our firm represented many clients in this case. In fact, we were one of only two firms to pursue legal action against British Airways and, in 2021, we were delighted to secure a settlement for those affected (the resolution did not include any admission of liability by BA).  

You can find out more about the 2018 BA data breach here.  

Claim compensation for the latest British Airways data breach

KP Law has launched an action to help those involved in the British Airways data security failure claim compensation for any distress or financial losses experienced because of this breach.  We urge anyone affected to register with us. 

In March 2024, our firm changed its name to KP Law. 

Share this article: