British Airways hack: Huge cyber attack was even bigger than thought, airline says
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.The cyber attack on British Airways affected even more customers than originally thought, according to its owner IAG.
A further 185,000 customers might have had their personal details stolen during the hack, it said.
The group said in a stock exchange announcement that as part of an investigation into a cyber breach that took place earlier this year, it is contacting two groups of customers not previously notified.
This includes the holders of 77,000 payment cards whose name, billing address, email address, card payment information - including card number, expiry date and Card Verification Value - have potentially been compromised.
A further 108,000 people's personal details without Card Verification Value have also been compromised.
Those impacted were people making reward bookings between April 21 and July 28, 2018, and who used a payment card.
In September, thousands of BA customers had to cancel their credit cards after the airline admitted that a 15-day data hack had compromised 380,000 payments, prompting a criminal inquiry led by specialist cyber officers from the National Crime Agency (NCA).
The firm said today that of the 380,000 payment card details identified, 244,000 were affected.
"While British Airways does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution," IAG said.
"Since the announcement on September 6, 2018, British Airways can confirm that it has had no verified cases of fraud."
British Airways is facing a multimillion-pound fine as a result of the data breach, which the airline's chief executive described as a "malicious criminal attack".
Cyber criminals behind the attack obtained enough credit card details to use them, and BA now faces a possible fine of around £500 million over the breach, with the Information Commissioner's Office (ICO) also investigating the incident.
BA's data breach took place after the introduction of the new Data Protection Act, which includes the provisions of the new European General Data Protection Regulation (GDPR).
Under the new regulations, the maximum penalty for a company hit with a data breach is a fine of either £17 million or 4% of global turnover, whichever is greater.
In the year ended December 31 2017, BA's total revenue was £12.2 billion, meaning the company could face a fine of around £500 million if the ICO takes action.
Additional reporting by agencies
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments