185,000 more people hit by British Airways hacker attack

Oct 26, 2018


The vicious hacker attack on the British Airways website discovered last month reached new heights today as recent investigations into the extent of the data breach revealed a further 108,000 customers affected over a much wider period of time than initially announced.

Anyone who used a payment card to purchase a BA flight with reward bookings between April 21st and July 28th is advised to contact their bank immediately.

As BA works alongside the National Crime Agency to assess the situation fully, over 100k of their customers are having to cancel their cards months after having their data stolen. In addition to the unsettling violation of privacy, the stress of cancelling their cards and awaiting a replacement - particularly while travelling - would be unbearable in a cashless society.

Customers have once again taken to Twitter to vent their frustrations as the airline's reputation experiences more than a little turbulence. Yet, despite the horror-stricken cries of BA flyers, the airline continues to stand by the cashless on-flight policy it implemented two years ago.

"We are very sorry that this criminal activity has occurred. As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field..."
Statement, British Airways

The information was given in an International Airlines Group (IAG) stock exchange announcement, which revealed that 77,000 customers had their name, address, email address and detailed payment information taken and 108,000 lost personal details aside from their payment card CVV numbers. It appears that both attacks had been carried out by the same group or gang.

The news broke almost immediately after Hong Kong-based international airline, Cathay Pacific, announced that its computer system had been hacked earlier this year with cybercriminals lifting personal data and travel histories of some 9.4 million people. Again, the world is reminded of the need for a payment form that protects privacy effortlessly.

Excerpt from British Airways website

The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV. The potentially impacted customers were those only making reward bookings between April 21 and July 28, 2018, and who used a payment card.

While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution. Customers who are not contacted by British Airways by Friday 26 October at 1700 GMT do not need to take any action.

In addition, from the investigation we know that fewer of the customers we originally announced were impacted.  Of the 380,000 payment card details announced, 244,000 were affected. Crucially, we have had no verified cases of fraud.

We are very sorry that this criminal activity has occurred. As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating. 



  • British Airways will be contacting affected customers until 17:00 GMT, Friday October 26th, 2018. 
  • BA said the incident has been resolved and all systems are working normally. Customers due to travel can check in online as normal. 
  • BA and IAG may be looking at substantial fines because the breach took place after the General Data Protection Regulation (European privacy and data rules) came into force.


Last Updated: Oct 31, 2018