British Airways owner IAG has said that a further 185,000 customers may have had their personal data compromised during a 15-day cyber attack earlier this year.
The new British Airways customers who are potentially affected fall into two groups:
- 77,000 bank cards where the name, billing address, email address, card payment information – including card number, expiry date and card verification value (CVV) – have potentially been compromised.
- 108,000 customers’ personal details without CVV have also been compromised.
The potentially affected customers are in addition to the 380,000 people who were originally notified last month that their card details could have been stolen in the breach.
The hack prompted a criminal inquiry led by specialist cyber officers from the National Crime Agency (NCA).
It found that, of the 380,000 payment card details identified, 244,000 were affected.
Since the first announcement about the breach, British Airways has had no verified cases of fraud.
How do I know whether I’ve been affected by the breach?
The customers affected by the British Airways data breach were those who made reward bookings between 21 April and 28 July 2018 and who used a payment card.
If you’ve been affected by the breach, British Airways will have emailed you.
What do I do if I’ve been affected?
If you’ve been affected by the British Airways data breach, you should contact your bank immediately, so it can monitor your account for suspicious transactions. If necessary, your bank will replace your card.
It’s also a good idea to keep an eye on your account yourself, as you know your own spending patterns better than anyone.
We have more free information on what your rights are when you’ve been part of a data breach on our Consumer Rights site.
Which? managing director of home products and services Alex Neill said: ‘It’s alarming that, six weeks on from the initial news breaking, we’re hearing that even more British Airways customers may have been affected by this shocking data breach.
‘Passengers will be deeply concerned it’s taken so long for the company to reveal the full extent of this huge hack.
‘Anyone worried they could be at risk of fraud should consider changing their online passwords, monitor bank and other online accounts and be wary of emails regarding the breach, as scammers may try and take advantage of it.’
Could British Airways be fined for the breach?
The cyber attack on the airline happened after the new General Data Protection Act came into force, so it potentially faces a multi-million-pound fine.
The Information Commissioner’s Office (ICO) is investigating the incident and could hand down a fine of up to 4% of global turnover, if it thinks that British Airways was at fault.
Last year, British Airways’s total revenue was £12.2 billion. That means it could be fined up to £500 million if the ICO takes action.