After British Airways declared that customer's financial and personal details were stolen from their website and mobile app servers, the company is now investigating the matter. The data of transactions which had taken place for two weeks from August 21 to September 5, was compromised.
The company has said that the stolen data did not include travel or passport information but had information about personal and financial details related to as many as 380,000 card payments. British Airways CEO and Chairman has apologised for the intrusion of their website and app that caused this incident. It has also said that it will contact the affected customers individually and inform them about he incident so that they can block their cards using their financial service providers. The company will pay for any financial loss caused due to this hack for individual basis after proper investigation.
Although, BA insisted it has fixed all problems and now its websites are running normally, Google Chrome is still reporting that the web page is not secure. It is warning users before they enter any sensitive information like passwords or credit card details. The homepage of British Airways website shows a security lock icon, however the same cannot be said about its booking page.
Chrome's web developer tools shows that the web page has a mix of "secure and insecure content". The problematic element as identified by the tool is a form that targets an insecure endpoint.