UK's flag carrier, British Airways, confirmed a cyber attack on September 6 that may have led to the theft of its customer data between August 21 and September 5. After working with cyber forensic experts and the National Crime Agency, the company announced today that more customers than previously revealed are potentially affected by the attack.
British Airways said it is alerting an additional group of customers to the potential compromise of their personal and payment details. Impacted data include the name, billing address, email address, card number, card expiry date, and CVV details of 77,000 payment cards and another 108,000 cards without CVV.
It's important to note, though, that the payment cards at risk are those used to make reward bookings from April 21 to July 28. The airline company is urging potentially affected customers to contact their bank or card provider and promises to offer a 12-month credit rating monitoring service and reimbursement for any financial losses related to the incident. British Airways made it clear, however, that there's currently no indication of fraudulent activities involving the payment details of its customers.
Overall, the cyber attack affected only a fewer subset of payment card details: 244,000 out of the 380,000 the company initially announced. While there has been no evidence that hackers may have already used the card details for nefarious activities, the incident highlights a growing concern over the cybersecurity posture of even the large companies such as British Airways.