British Airlines has reported that there has been another hacker attack on its website and user data of more than 185000 customers may have been compromised. According to a statement issued by BA’s owner IAG the breach was discovered when it was investigating the recently reported incident in September that affected 380000 transactions and victims of both attacks were caught in a compromise which had been undetected for months. IAG mentioned that the attacks seem to have been done by the same group and it would shortly contact all the individual users whose personal details had been stolen during the twin attacks on its website and will ask them to take adequate precautionary measures.
IAG announced this recent development of an additional breach at a stock exchange meeting and stated that the first attack took place between April 21, 2018 and July 28, 2018 which affected British Airlines customers that had made bookings on the airlines to cash-in their loyalty program awards. Revealing the attack details IAG made it clear that In the first attack personal details like name, actual address, email address and payment information of around 77000 people was taken, In the second attack credit card details of 108,000 people were lost along with CVV numbers of their credit/debit cards that they used to make transaction.
Beyond this information no other details have been shared by BA about the attack. During early September BA had declared that its website and app had been hacked and payment details of 380000 customers had been compromised that had transacted with BA between August 21, 2018 and September 5, 2018. It had announced that payment card details of 244000 users had been compromised due to this data breach. The attack has prompted a detailed investigation by UK’s National Crime Agency and also the Information Commissioner’s Office while both BA and IAG could face stringent fines as the breach has occurred after new data rules have come into force.