British Airways says 185,000 more customers affected by second hack attack

Customers who made reward bookings between April and July thought to be at risk of earlier hack on the airline

BA plane in flight

An internal investigation into British Airway's September data breach has uncovered a second, earlier hack on the company's website.

The investigation revealed that customers who made reward bookings - booking linked with Avios reward currency - with a payment card between April 21 and 28 July 2018 could potentially be at risk.

The airline said that hackers may have stolen additional personal data that it had not previously notified its customers about and that a further 185,000 more customers could have potentially had their data compromised.

"The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV," a BA spokesman said.

"The potentially impacted customers were those only making reward bookings between April 21 and July 28, 2018, and who used a payment card."

Since the airline confirmed the attack 6 September 2018, it has been working with specialist cyber forensic investigators and the National Crime Agency to investigate the incident.

According to cybersecurity firm RiskIQ, the hack that took place in late August was just 22 lines of javascript, embedded into the companies website, but so far, the airline hasn't given any details of how this prequel hack was administered. It is yet another incident of cybercrime hitting the aviation industry with Air Canada and, more recently, Cathay Pacific, both reporting data breaches.

"In what is rapidly becoming a bad week for international travellers following news of the Cathay Pacific breach, the fact that British Airways have now announced that a further 185,000 passengers may have been affected by a breach over a three-month period brings to the fore questions on how the travel and hospitality industry is effectively securing their network and customer data," said Rusty Carter, VP of product management at cyber security company Arxan Technologies.

"While the gap in [BA's] security may have been plugged back in September, it is concerning that this incident, which went on for a considerably longer period of time than the previous two-weeks, has only now been uncovered as part of an ongoing investigation by the airline, cyber forensic investigators and the National Crime Agency."

BA said it was "very sorry" that criminal activity had occurred on its website and that it will reimburse any customers who have suffered financial losses as a direct result of the data theft.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020