While British Airways was investigating their September 2018 MageCart breach that at the time affected 380,000 customers, they have discovered that an additional 77,000 customers may have been affected.
“The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV,” stated an update on British Airways’ site. “The potentially impacted customers were those only making reward bookings between April 21 and July 28, 2018, and who used a payment card.”
This announcement further states that they do not have conclusive evidence that the data was accessed and are contacting the potentially affected customers. If customers have not heard from them by October 26th at 17:00 GMT, they do not need to be concerned.
The ongoing investigation has also concluded that the amount of affected customers is lower than originally reported in September.
“In addition, from the investigation we know that fewer of the customers we originally announced were impacted. Of the 380,000 payment card details announced, 244,000 were affected. Crucially, we have had no verified cases of fraud.”