British Airways Apologizing After Massive Data Breach

Another major company is apologizing for a data breach. This time, the company in the crosshairs is British Airways, which recently admitted 380,000 customers had been exposed in a data breach that happened between August 21 and September 5.

The breach is being called “the worst in British Airways history” and specifically affected consumers who booked through the company’s website or mobile app, which, these days, could be pretty much anyone.BA said no passport information was leaked, the company did admit that “personal and financial” details had been compromised. So, very bad news, all the way around. But, looking at the situation from a PR perspective, there are some things that British Airways did very well.

First, the chairman, Alex Cruz, came out and delivered a statement, describing the attack not as a hack but a sophisticated group of criminals gaining “illicit access” to the airline’s computers.

In that statement, Cruz alleviated any lingering fears that there had been a mysterious hack, and that more data may be at risk. When recovering from a PR crisis, any time you can eliminate fear by offering specific information, that’s a step in the right direction.

BA acted quickly, announcing the investigation into the matter and giving concerned consumers action they could take to learn more: “We are investigating the theft of customer data from our website and our mobile app, as a matter of urgency. For more information, please click the following link…”

The announcement and what customers could do came before the apology, which is the right order. Consumers may want to know you’re sorry, but they would rather know what they can do to have the best, most current information. In cases such as these, fear is the biggest enemy.

There was an apology, though, and it was specific and detailed: “From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information. The breach has been resolved and our website is working normally.”

This was a good apology, because it had some details, some substance, as well as some reassurance. The dates in question were listed, allowing people to scratch themselves off the “potential breach list” if they booked before or after that time. Plus, BA announced that the breach had been resolved and that the danger had passed.

This apology tweet was followed by an even more in-depth personal letter from Cruz to consumers. That apology, once again, combined “deepest apologies” with action consumers could take to learn more and see how they may have been affected.

Throughout this crisis response, British Airways acted with the concerns of the consumer in mind, and that makes this response a winning strategy.