British Airways discovers second data hack
Written by Hannah McGrath
British Airways has discovered that 185,000 more customer accounts than originally thought could have been compromised by cybercriminals who stole personal data including payment card details during a series of breaches earlier this year.
Last night, the company confirmed that internal investigations since the first breach was uncovered in September had revealed that the holders of an additional 77,000 customers could have had their card information - including numbers and expiry dates - compromised in a newly discovered hack that took place between April and July.
A further 108,000 customers’ card details without CVV security numbers may also have been affected, the company said, adding that the hack had potentially impacted customers making reward bookings with payment cards between 21 April and 28 July this year.
In a statement posted on the company’s website last night, British Airways said the investigation with cyber forensic investigators and the National Crime Agency had established that 244,000 payment card details had potentially been affected overall, rather than the 380,000 cases initially reported when the first breach was uncovered on 6 September.
The total number of customers affected in both hacks now totals 429,000.
The investigation found no cases of verified fraud as a result of the hack, but the statement warned: “While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.”
Customers who have not been contacted by British Airways by 5pm today (Friday) do not need to take further action, the company said.
The statement continued: “We are very sorry that this criminal activity has occurred. As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating.”
The company is offering customers free credit rating monitoring from Experian, which earlier this month confirmed it had suffered a major hack attempt which could have exposed the private information of 15 million customers.
Responding to the latest developments, Ross Brewer, vice president at security intelligence company LogRhythm said: “The fact that both data breaches have taken place in the last six months is extremely worrying – and very embarrassing for the airline.
“It is crucial that organisations learn from these high profile breaches and recognise the responsibility they have in protecting their customers’ data,” he added.