The data breach suffered by the British Airways airline is worse than initially thought, according to IAG firm that wons the airline further 185,000 customers may have had impacted in the incident.
The data breach suffered by the British Airways airline is worse than initially thought, according to IAG firm that owns the airline, further 185,000 customers may have had impacted in the incident.
An investigation conducted by researchers at RiskIQ revealed that the attack was carried out by a crime gang tracked as MageCart.
Hackers accessed personal and financial data of additional 77,000 payment card holders, including name, billing address, email address, card payment information.
Additional 108,000 customers’ personal details without card verification value have also been compromised.
“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution. Customers who are not contacted by British Airways by Friday 26 October at 1700 GMT do not need to take any action.” reads the statement published by British Airways.
“In addition, from the investigation we know that fewer of the customers we originally announced were impacted. Of the 380,000 payment card details announced, 244,000 were affected. Crucially, we have had no verified cases of fraud.”
IAG confirmed that the company has been “working continuously with specialist cyber forensic investigators and the National Crime Agency to investigate fully the data theft.”
The spokesperson for British Airways said that the company has contacted all affected customers via email before 5 pm on Friday, and plans to compensate affected customers.
At the time of writing, British Airways declared there had been no verified cases of fraud since it disclosed the security breach.
To read the original article:
https://securityaffairs.co/wordpress/77408/data-breach/british-airways-data-breach.html