British Airways (BA) boss Alex Cruz said customers who were financially affected by a data breach at the airline will be fully compensated.
Shares in BA's parent company International Consolidated Airlines Group PLC (LON:IAG) dropped 2% to 666p on Friday afternoon trading after admitting the personal and financial details of customers who made bookings through ba.com or the airline's mobile app between August 21 and September 5 were stolen.
About 380,000 transactions were compromised but the stolen data did not include travel or passport details.
IAG said BA is “investigating, as a matter of urgency” the cyber hack and has notified the police and relevant authorities.
The breach has been resolved and the BA website is up and running.
A 'malicious criminal attack'
Cruz told the BBC's 'Today' programme that the data breach was a "sophisticated, malicious criminal attack".
He said the company was "100% committed to compensate" customers.
"We are committed to working with any customer who may have been financially affected by this attack, and we will compensate them for any financial hardship that they may have suffered."
He added: "We're extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app."
Customers claim BA failed to contact them about hack
Customers have complained that British Airways had failed to contact them directly about the incident. One customer, Stephanie Jowers, told the Daily Telegraph that she had contacted the airline before the hack was announced on Twitter with concerns about charges on her account but was told that her details may have been stolen.
Guidelines from the Information Commissioner’s Office (ICO), the independent regulator that upholds information rights in Britain, state that people must be informed if the breach is likely to result in a “high risk of adversely affecting individuals’ rights and freedoms”.
A spokesman for the ICO said it would be “making inquiries” into the British Airways hack.
It’s not the first time an airline has been hacked with Thomas Cook Group PLC (LON:TCG) admitting in July that the names, email and flight details of customers had been accessed and US airline Delta reporting two breaches during September and October last year.