British Airways has provided an update following disclosure of a data breach last month.
Firstly, the good news, if you can really call it that. Since disclosing that 380 000 payment details may have been compromised the airline has found that only 244 000 details were affected.
“Crucially, we have had no verified cases of fraud,” wrote British Airways.
Now for the bad news.
The investigation into the breach has revealed that an additional 185 000 card holders may have had personal information compromised.
“The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV,” said British Airways.
“The potentially impacted customers were those only making reward bookings between April 21 and July 28, 2018, and who used a payment card,” the airline added.
British Airways says that it does not have conclusive evidence that data from these customers ever left its systems but it is taking precautionary measures.
Customers who have received an alert from British Airways should contact their bank or card provider.
“We are very sorry that this criminal activity has occurred. As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating,” the airline concluded.