Shares of British Airways' parent company IAG fell around 4% as markets opened on Friday morning, hours after the airline said the credit card information of at least 380,000 customers had been "compromised" in a data theft.
Customers who made bookings on the website had their personal and financial information compromised between August 31 and September 5.
In a statement released on Thursday (6 September), the airline said that the stolen data did not include travel or passport details - but did include other personal details as well as financial data.
The airline said the incident has been resolved and all systems are working normally.
While reacting to the unfortunate incidence, the airline's chairman Alex Crux apologized for the "the disruption" that the criminal activity may have caused its teeming customers.
Although BA promptly offered to compensate customers in case of losses (with customers having to trigger the process), the stolen data is more than enough to carry out online transactions and the company stands to take on huge losses.
Finally, Cruz stated, "At the moment, our number one objective is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data".More news: US Open: Nadal beats Dominic Thiem in epic quarter-final
Meanwhile, Tim Mackey, Technical Evangelist at Synopsys, said GDPR has placed us in a world where disclosure of data breaches are likely to occur before the full details of the attack are known. It is now vital that the company moves quickly to ensure those affected get clear information about what has happened and what steps they should take to protect themselves.
The Royal Bank of Canada said it has not yet seen any impact on its credit card customers.
The data watchdog has said it would be making inquiries into the incident.
The BBC reports that, based off British Airways' revenue for the year 2017, the maximum penalty imposed for this breach would be about $634 million. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.
The company's statement and FAQ page did not reveal how many customers were affected by the infiltration, but British Airways representatives told Gizmodo and other outlets that the number of "card payments" is now believed to be around 380,000.
"British Airways continues to investigate with the police and cyber specialists, and has reported the data theft to the Information Commissioner", the company's advisory stated.