British Airways warns that a further 185,000 customers were hit by security breach

Credit card details of a further 185,000 customers almost certainly compromised in BA payments hack in August

British Airways has admitted that the personal details of a further 185,000 customers may have been compromised in its August data breach - and that their credit details were almost certainly compromised, too.

The company admitted the breach at the beginning of September, warning that its website and mobile app had been hacked between 21 August and 5 September. At the time, it claimed that 380,000 customer credit card details had been stolen.

The group behind the attack has been identified as the same one behind the Ticketmaster hack earlier this year.

Now, British Airways has released an updated statement admitting that a further 185,000 customers could have been affected.

Its investigation, carried out with specialist cyber forensic investigators and the National Crime Agency, revealed that hackers "may have stolen" payment details, including CVV numbers, of an additional 77,000 customers.

A further 108,000 also saw their payment details, without CVV, "potentially compromised" during the incident.

We will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring

Those "potentially impacted customers" were those making reward bookings between 21 April 21 and 28 July 2018, BA said, and who used a payment card.

"While we do not have conclusive evidence that the data was removed from British Airways' systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution," the company said.

In addition, BA said that its investigation shows know that fewer of the customers we originally announced were affected. Of the 380,000 payment card details announced, 244,000 had details stolen, and the airline says it has seen no verified cases of fraud.

"We are very sorry that this criminal activity has occurred. As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating," BA's statement concluded.

BA's admission came hot on the heels of an admission by Hong Kong airline Cathay Pacific that the personal details of as many as 9.4 million passengers had been compromised in an attack in March this year. That breach, too, also saw credit card details stolen by the attackers.

IT security failings are, increasingly, costing CISOs, CIOs and CEOs their jobs.

With business utterly dependent on IT, it's not enough for senior executives to dismiss security as ‘techie stuff'. At Computing's Enterprise Security & Risk Management Live event, hear from the National Crime Agency, ex-hackers and big-business CISOs to learn about how they are tackling cyber security.

For more information, check out the dedicated event website. Attendance is FREE to IT leaders and senior IT pros.