British Airways Data Breach Takes Off Again with 185K More Victims

British Airways Data Breach Takes Off Again with 185K More Victims

The news comes on the heels of a breach at Cathay Pacific exposing 9.4 million people.

British Airways said that the data breach it first reported in September is larger than previously thought. It has added an additional 185,000 victims to the official tally.

The airline said that hackers may have stolen personal data connected to an additional 77,000 payment cards, including name, billing address, email address and card payment information – including card number, expiry date and CVV. And, it uncovered a further 108,000 cards that were exposed without CVV.

In the plus column, of the 380,000 payment cards originally thought to be compromised, only 244,000 of those were actually affected, upon investigation. The net total for the entire breach now stands at 429,000.

The impacted customers were those using their air miles to book flights on the website between April 21 and July 28 of this year, and who used a payment card.

“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution,” the airline said in a website notice. “Crucially, we do not have any verified cases of fraud.”

The breach is believed to have been carried out by the Magecart group, which specializes in e-commerce attacks. According to RiskIQ researchers last month, there were suspicious scripts on the baggage claim information page of the British Airways’ website – which then collected data from visitors and sent it back to the threat actors’ server ... Click Here