Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

The British Airways hack was way worse than previously feared

More than half a million British Airways customers are now believed to have had their personal data stolen as a result of a security breach last month.

The airline says the total number of passengers affected is much higher than the 380,000 it initially announced. It says an additional 185,000 customers’ payment card information and personal details were compromised as part of the IT breach.

In a statement, the company said around 77,000 of those customers, who hadn’t previously been notified, potentially had their name, billing address, card number, expiry data and security code compromised. The follow-up investigation conducted by the airline revealed that another 108,000 were potentially stolen, but those were lacking the all-important CVV number.

Read more: Internet security guide

Here’s what the company has to say for itself (via The Register): “The investigation has shown the hackers may have stolen additional personal data and British Airways is notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV.

“The potentially impacted customers were only those making reward bookings between April 21 and July 28, 2018, and who used a payment card.”

Back in September, one of our writers revealed he was affected by the hack and had to go through the process of cancelling their card. The customer assistant at their bank told them that there were “a hundred” customers waiting in line on the phone, and that they expected all of them were calling for the same reason.

Initially, BA claimed the breach only affected those who booked online or via the app from August 21 at 22:58 BST to September 5 at 21:45 BST. The company advised those customers to notify their banks and change their British Airways account password.

Were you affected by the BA breach? What correspondence have you received from the airline? Drop us a line @TrustedReviews on Twitter.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.