/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

British Airways warns another 185,000 cards compromised by data breach

British Airways is warning that another 185,000 customers may have had their payment card details stolen in a data breach.

  15 1 comment

British Airways warns another 185,000 cards compromised by data breach

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The airline says that customers who made reward bookings with payment cards between April 21 and July 28 are at risk.

It is contacting the holders of 77,000 payment cards to warn that their names, billing addresses, email addresses, and card payment information, including card number, expiry date and CVV, have potentially been compromised. A further 108,000 have had the same information compromised minus the CVV.

BA only discovered the breach while investigating a similar hack that was carried out later but uncovered in early September. That attack was initially thought to have involved the card details of 380,000 customers, although BA has now revised this down to 244,000.

The company says that it has had no verified cases of fraud related to that incident and that there is no "conclusive evidence" that data was removed from its systems in the newly announced hack.

However, it is promising to contact everyone involved by Friday afternoon, advising them to speak to their bank or card provider.

Sponsored [On-Demand Webinar] Solving the KYC challenge with end-to-end processes

Related Company

Keywords

Comments: (1)

A Finextra member 

As one of those potentially affected by this breach, these clowns should be severly fined (and I mean £millions) for keeping and storing full PAN numbers as well as CVV numbers. Card acquirers and schemes have been warning merchants for years that hanging on to the CVV is a no, no, and yet BA think they don't need to comply when the rest of the merchant community are doing so? Clearly demonstrates a two fingered gesture to PCI-DSS and they should pay dearly.

[On-Demand Webinar] Solving the KYC challenge with end-to-end processesFinextra Promoted[On-Demand Webinar] Solving the KYC challenge with end-to-end processes