2018 will be remembered as the year of major airline data theft and security breaches. Already this year we have seen major breaches suffered by Air Canada, Cathay Pacific and British Airways. Last month we wrote about the discovery of BA’s data breach, affecting approximately 380,000 of the airline’s customers and their personal and financial details.
While investigating the aforementioned breach it was discovered that 185,000 additional customers had been affected.
The new breach occurred between April 21 and July 28 and predates the previous one discovered in August. This one only involves customers who booked trips using British Airways loyalty program points and while indeed smaller, the breach is still significant. 77,000 people had their names, addresses, email addresses, and payment data stolen, and 108,000 people had their payment card numbers and expiration dates taken, but not their CVV numbers.
BA have been quick to assure customers that they do not have “conclusive evidence” that any data has been removed from its systems, but affected customers are encouraged to contact their bank or card provider “as a precaution”. They have also not yet received any reports of actual fraud having taken place in relation to the data breach. They will still reimburse any financial loss suffered by their customers.