The data breach suffered by the British Airways airline is worse than initially thought, according to IAG firm that owns the airline, further 185,000 customers may have had impacted in the incident.
Hackers accessed personal and financial data of additional 77,000 payment card holders, including name, billing address, email address, card payment information.
Additional 108,000 customers’ personal details without card verification value have also been compromised.
“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution. Customers who are not contacted by British Airways by Friday 26 October at 1700 GMT do not need to take any action.” reads the statement published by British Airways.
“In addition, from the investigation we know that fewer of the customers we originally announced were impacted. Of the 380,000 payment card details announced, 244,000 were affected. Crucially, we have had no verified cases of fraud.”
IAG confirmed that the company has been “working continuously with specialist cyber forensic investigators and the National Crime Agency to investigate fully the data theft.”
The spokesperson for British Airways said that the company has contacted all affected customers via email before 5 pm on Friday, and plans to compensate affected customers.
At the time of writing, British Airways declared there had been no verified cases of fraud since it disclosed the security breach.
(Security Affairs – hacking, data breach)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.