As British Airways wrestles with the fallout of a massive data breach, a financial upstart has used the incident to promote the nimbleness of its own technology and customer service.
Monzo, a banking startup in London, says it identified about 1,300 potentially affected customers and ordered replacement cards for them within a few hours of the airline’s announcement. Monzo’s messages may have been the first warnings that some customers had of the data intrusion. Revolut, another fintech, also reached out to affected users within a few hours, offering replacement cards.
British Airways, meanwhile, appeared to be in full damage-control mode today (Sept. 7). The company took out newspaper ads to apologize and chief executive Alex Cruz fielded sharp questions on the BBC about reliability and trustworthiness. The airline said that some 380,000 transactions in recent weeks had been compromised by hackers who stole customers’ credit-card and payment information. The stock price of the airline’s parent company dropped about 4% in earlier trading.
Data breaches like those at Equifax, a credit bureau, and now British Airways, are inevitable, according to cybersecurity experts. The airline industry in particular is a major target—about 60% of login attempts are fraudulent, according to a report by Shape Security. While the British Airways breach appeared to differ from these stolen-credential attacks, the data help illustrate that airlines are among the many industries under constant pressure from hackers.
No company is immune to missteps and data intrusions. But Monzo’s reaction to the breach suggests a new, higher velocity reaction customers may begin to expect more of. While British Airways was apologizing in newspaper ads, Monzo customers were able to freeze payment cards using their app. When it came to potentially compromised bank cards, the airline could do little more than advise customers to contact their financial providers and “follow their recommended advice.” Monzo and Revolut customers had advice on dealing with the incident without having to ask for it.
There are lessons to be learned as hacking becomes more commonplace. While it’s important to do everything possible to prevent cyber attacks, security experts say it’s just about as important to plan for containing and responding to them. That could include things like automatic credit freezes and post-breach credit monitoring. Nimble technology and faster customer service could also help contain the damage.
It also means notifying consumers and watchdogs as soon as possible when a breach has been detected. Rules in Europe now require organizations to disclose data breaches more quickly. On average, however, it takes 15 months for companies to even detect a break-in, according to Shape. When personal data is stolen, consumers are usually the last to know. (After Ticketmaster UK disclosed a data breach in June, Monzo said that it had already warned the company months earlier of a likely intrusion.)
British Airways says it noticed signs of a breach on Sept. 5 and made an announcement of the breach the next day, after hackers stole data from customers using its website and app between Aug. 21 and Sept. 5 to buy tickets. The airline said travel details, like passport information, weren’t stolen and that it will compensate affected customers.
This story has been updated to include Revolut’s client notifications in the second paragraph.