Now BA admits card-hacking has hit 430,000
BRITISH Airways has revealed the card details of another 185,000 passengers have been stolen by cyber criminals.
In a stunning admission, the airline said hackers first broke into its IT systems on April 21 – more than four months before it finally noticed the breach and secured them.
Britain’s flagship carrier revealed last month that hackers had skimmed the card details and personal information of 380,000 customers – later downgraded to 244,000 – who made payments on its website and app between August 21 and September 5.
But in a statement to the stock market yesterday, it revealed the National Crime Agency and ‘cyber forensic’ investigators had discovered the same hackers ‘may have stolen additional personal data’ months earlier.
The airline said it is now notifying 77,000 extra customers that criminals may have taken their card payment information, including the crucial three digit CVV security code on the back. A further 108,000 card details have ‘potentially been compromised’ without the security code, it said.
This means BA now believes that just under 430,000 card details have been stolen.
All were making ‘reward bookings’ online between April and July, using frequent flyer points to help pay for flights.
The stolen details include everything needed to commit fraud – from names and addresses to all payment information. BA promised all affected customers will be sent emails to notify them of the breach by 5pm today. It said: ‘While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.’
To add to the confusion, the airline said investigators had discovered 244,000 card details were stolen in August and September – 136,000 fewer than first feared.
The airline is already facing a possible fine of up to £500million from the Information Commissioner’s Office over the hack, as well as a large compensation bill.
Alex Neill, of consumer group Which?, said: ‘It’s alarming that six weeks on from the initial news breaking, we’re hearing that even more British Airways customers may have been affected by this shocking data breach.’
He advised anyone worried about fraud to consider changing their passwords, monitor their bank accounts and be on the lookout for scam emails.
BA said it was ‘sorry this criminal activity has occurred’ and promised to reimburse customers ‘who have suffered financial losses as a direct result of the data theft’.