Reseller News

British Airways: further 185,000 payment cards possibly hit in cyber attack

Takes total number of payment cards potentially affected by the hack to 429,000
  • Reuters (Channel Asia)
  • 26 October, 2018 05:45

International Airlines Group said an investigation into the theft of customers' data at its British Airways unit showed hackers may have stolen the personal information of a further 185,000 customers.

British Airways apologised in September after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the most serious attack on its website and app.

The airline said that it was notifying the holders of another 77,000 payment cards that the name, billing address, email address, card, payment information including card number, expiry date and security codes had potentially been compromised, and a further 108,000 without the security code.

British Airways also revised down its original estimate of 380,000 cards compromised, saying only 244,000 of those were affected.

This takes the total number of payment cards potentially affected by the hack to 429,000.

However, British Airways confirmed that it had no verified cases of fraud since the announcement on 6 September, adding that potentially impacted customers were only those making reward bookings between 21 April and 28 July and who used a payment card.

A British Airways spokeswoman told Reuters the airline would reimburse customers who suffered financial losses as a direct result of the data theft.

The attack came 15 months after the carrier suffered a computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend.

The news comes days after Cathay Pacific Airways confirmed that data of about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines had been accessed without authorisation.

Cathay said 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed in the breach.

(Reporting by Arathy S Nair and Noor Zainab Hussain in Bengaluru; Editing by Elaine Hardcastle and David Holmes)