In September, British Airways informed its customers of a massive data breach. The breach saw some 380,000 people affected, with personal information like their names, address, and credit card details stolen. Now, it seems, we can add another 185,000 customers to the list with 77k customers losing some highly sensitive data.
British Airways’ Data Breach Affected Extra 77K Users
British Airways’ Data Breach – The Full Story
Initially, British Airways found that a group by the name of MageCart infected their website with a customized card-skimming script. The malicious script effectively managed to steal the personal information of up to 380K British Airways customers who purchased a ticket from the airline between August 21 and September 1, 2018.
Now, it turns out that another breach occurred between April 21 and July 2. According to the carrier, it notified up to 77k customers on October 26th about the new findings. To add to the new revelation, victims seem to fall into 2 distinct groups. The 77k passengers had their credit card details with the CVV stolen and 108K had their details without the CVV stolen.
According to the airline, customers who have not heard anything from British Airways by October 26th, 17:00 GMT do not need to worry about their information.
The investigation is still underway and to date, BA has no conclusive evidence that the accessed data was used. That being said, ICO, the Information Commissioner’s Office, released the following statement:
“The ICO’s investigation into a cyber attack at British Airways is ongoing. Meanwhile, we advise people who may have been affected to be vigilant when checking their financial records and to follow the advice on the ICO, National Cyber Security Centre and Action Fraud websites about how they can protect themselves and their data online.”
British Airways did apologize to its affected customers. It also confirmed that it will refund all affected customers in full.
British Airways’ Data Breach – Final Thoughts
British Airways is not the only airline to suffer a major data breach this year. While it’s easy to throw blame at anyone but ourselves, it might be time to start looking into our own e-purchasing habits instead. Buying things, including tickets, online does make our lives infinitely easier, but we do need to take some precautions before we get click-happy with our credit cards. Honestly? A disposable e-card never hurt anyone, either.