Skip to main content

British Airways data breach may have been larger than originally thought

(Image credit: Image Credit: Bychykhin Olexandr / Shutterstock)

British Airways has revealed that the data breach that hit thousands of its customers last month is actually much bigger than originally thought. 

In a statement to the stock market (opens in new tab), the airline's owner, International Airways Group (IAG) said additional 185,000 customers may have been affected by last month's breach.

The airline first claimed they've had data on 380,000 passengers compromised, only later to downgrade that estimate to 244,000.

The company said all affected customers will be notified by Friday, 5PM. IAG added it does not have “conclusive evidence” that any data has been removed from its systems. Still, it advises its customers to contact their card issuer 'as a precaution'. It concluded the announcement saying British Airways has been 'working continuously with specialist cyber forensic investigators and the National Crime Agency to investigate fully the data theft”.

The group behind the attack on British Airways seems to be Magecart. Security researchers at RiskIQ are saying it's the same group that was behind the Ticketmaster incident. According to the company's press release at the time, it first suspected Magecart was behind the attack after learning that it was web-based. It used its global web-crawling network to “confirm this assumption”.

Comparing the two events, they seem to be almost identical, with one key difference: “instead of compromising commonly used third-party functionality to gain access to hundreds of sites at once, Magecart operatives compromised the British Airways site directly and planned their attack around the site’s unique structure and functionality.”

Image Credit:  Bychykhin Olexandr / Shutterstock

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.