British Airways has revealed that the data breach that hit the company earlier this year may have affected far more customers than initially thought after discovering an additional issue.
The airline has said that a further 185,000 customers may have had personal details such as payment card numbers stolen in the attack earlier this year.
Attackers were able to exploit a website compromise which was only discovered as BA investigated the initial attack, which the airline says were carried out by the same group.
The airline will be contacting affected customers by email before 5pm today, a BA spokesperson said, however it said it had not received any verified reports of fraud committed using details from any victims.
British Airways data breach
Last month, BA parent company IAG said that it had identified an initial 380,000 cards as being at risk, although it has now said this figure is more like 244,000.
Victims were split into two groups, with 77,000 people having names, addresses, email address and detailed payment information taken, and a further 108,000 people seeing personal details apart from the CVV number for their payment cards breached.
The attack affected customers making a booking between August 21st and September 5th of this year in what BA Chairman and Chief Executive Alex Cruz called a “very sophisticated, malicious criminal” attack. The attackers were able to obtain customer names, street and email addresses, credit card numbers, expiry dates and security codes, putting their accounts at risk.
Last month, security researchers RiskIQ identified the attackers as a collective called Magecart, which is suspected of being behind recent attempts to hack Ticketmaster in an almost-identical assault.