British Airways owner, the IAG group has said that the data leak earlier this year is “bigger than initially thought” with a further 185,000 customers possibly victims of having their personal data taken during a hack to BA’s systems earlier this year. The news comes after the airline began contacting two groups of passengers not previously contacted about the issue; This includes the holders of 77,000 payment cards whose name, billing address, email address, card payment information – including card number, expiry date and Card Verification Value – have potentially been leaked. On top of the 77,000, a further 108,000 people’s personal details without Card Verification Value have also been compromised.
Those impacted were people making reward bookings between April the 21st and July the 28th, 2018, and made payment by card.
In September, thousands of BA customers had to cancel their credit cards after the airline admitted that a 15-day data hack had compromised 380,000 payments, prompting a criminal inquiry led by specialist cyber officers from the National Crime Agency (NCA).
“While British Airways does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution,”
the IAG said,
“Since the announcement on September 6, 2018, British Airways can confirm that it has had no verified cases of fraud.”
British Airways is facing a multimillion-pound fine as a result of the data breach, which the airline’s chief executive described as a “malicious criminal attack”. Under the new GDPR regulations released by the European Union in March, the maximum penalty for a company hit with a data breach is a fine of either £17 million or 4% of global turnover, whichever is greater; In the year ended December 31 2017, BA’s total revenue was £12.2 billion, meaning the company could face a fine of around £500 million if the ICO takes actio
Cyber criminals behind the attack obtained enough credit card details to use them, and BA now faces a possible fine of around £500 million over the breach, with the Information Commissioner’s Office (ICO) also investigating the incident.
BA’s data breach took place after the introduction of the new Data Protection Act, which includes the provisions of the new European General Data Protection Regulation (GDPR).
Have you been affected by this data breach? Know someone who has? Then get in touch at: [email protected] We want to hear your stories!