British Airways Hack Was Much Bigger Than First Admitted

The cyber-attack on British Airways affected even more customers than originally thought, according to its owner IAG.

A further 185,000 customers might have had their personal details stolen during the hack, it said.

The group said in a stock exchange announcement that as part of an investigation into a cyber breach that took place earlier this year, it is contacting two groups of customers not previously notified.

This includes the holders of 77,000 payment cards whose name, billing address, email address, card payment information, including card number, expiry date and Card Verification Value, have potentially been compromised.

A further 108,000 people's personal details without Card Verification Value have also been compromised.

Those impacted were people making reward bookings between April 21 and July 28, 2018, and who used a payment card.

In September, thousands of BA customers had to cancel their credit cards after the airline admitted that a 15-day data hack had compromised 380,000 payments, prompting a criminal inquiry led by specialist cyber officers from the National Crime Agency (NCA).

The firm said today that of the 380,000 payment card details identified, 244,000 were affected.

"While British Airways does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution," IAG said.

"Since the announcement on September 6, 2018, British Airways can confirm that it has had no verified cases of fraud."

British Airways is facing a multimillion-pound fine as a result of the data breach, which the airline's chief executive described as a "malicious criminal attack".

Cyber criminals behind the attack obtained enough credit card details to use them, and BA now faces a possible fine of around £500 million over the breach, with the Information Commissioner's Office (ICO) also investigating the incident.

BA's data breach took place after the introduction of the new Data Protection Act, which includes the provisions of the new European General Data Protection Regulation (GDPR). 

Under the new regulations, the maximum penalty for a company hit with a data breach is a fine of either £17 million or 4% of global turnover, whichever is greater. 

In the year ended December 31 2017, BA's total revenue was £12.2 billion, meaning the company could face a fine of around £500 million if the ICO takes action.

Independent:

You Might Also Read:

The BA Hack And How Not To Respond To A Cyber Attack

« Pay-As-You-Go Cybersecurity
School Training On Child Abuse And Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Lumeta

Lumeta

Lumeta’s cyber situational awareness platform is the unmatched source for enterprise network infrastructure analytics and security monitoring for breach detection.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

Jamcracker

Jamcracker

Jamcracker is a cloud services management and cloud governance solutions company, with more than a decade of experience providing industry leading software and services.

CyberArts

CyberArts

CyberArts is founded on the belief that every single organization deserves and requires the creme de la creme when there is a need for Cyber services.

Infosec Partners

Infosec Partners

Whether you’re looking for complete managed security or an on-call expert advisor, we offer a range of managed security services to complement your internal team or primary outsource partner.

GV (Google Ventures)

GV (Google Ventures)

GV provides venture capital funding to bold new companies in the fields of life science, healthcare, artificial intelligence, robotics, transportation, cyber security and agriculture.

BrandShield

BrandShield

BrandShield is an anti-counterfeiting, anti-phishing and online brand protection solution.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

SightGain

SightGain

SightGain is the only integrated risk management solution focused on cybersecurity readiness using real-world attack simulations in your live environment.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

Endure Secure

Endure Secure

Endure Secure is a managed cyber security & information security consultancy. Our passion for IS and our understanding of the threat landscape is reflected in the services that we provide.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

BCX

BCX

BCX, a subsidiary within Telkom Group, is one of Africa’s largest systems integrator and digital transformation partners for enterprises and public sector organisations.