- British Airways has suffered a data breach recently and the number of users affected is more than initially expected.
- The total number of users affected has spiked up by 185,000.
- The attackers behind the breach have been identified as Magecart, a group targeting multiple organizations.
British Airways released more information about the data breach suffered by the company earlier this year and things are not looking bright. The airline revealed that another 185,000 users may have been affected by the breach and have had their payment information stolen.
The attack on British Airways was made possible due to an exploit in the official website. The group that conducted the initial attack is likely to have stolen data from the website the second time. Customers who have been affected will be contacted by the airline by today.
British Airways revealed that they did not receive any confirmed reports of frauds being committed against its customers. The victims of the data breach have been divided into two groups with 77,000 users who have had their names, addresses, email address and detailed payment information stolen including CVVs. While on the other hand, there are 108,000 users whose CVV numbers have not been stolen. Travel itineraries or passport information was not stolen by the attackers.
The attackers behind the data breach are collectively known as Magecart according to reports. The group not only attacked British Airways but also targeted Ticketmaster in a similar fashion. The airline’s chief executive Alex Cruz called the attack malicious and apologized for the security incident and stated that users who will be financially affected due to the stolen data will be compensated.
The attack on the airline affected users who made transactions between August 21st, 2018 and September 5th, 2018 only and other users have not been affected. The airline may be fined up to 4% of its total yearly revenue under GDPR regulations but an official fine has not been imposed yet.