Print Page  |  Close Window

News Release

Update on British Airways cyber attack
RNS Number : 2296F
International Cons Airlines Group
25 October 2018



Further to International Airlines Group's (IAG) announcement on September 6, 2018 regarding the theft of its subsidiary British Airways' customers' data, the airline has been working continuously with specialist cyber forensic investigators and the National Crime Agency to investigate fully the data theft. It is updating customers today with further information as it concludes the internal investigation.


The investigation has shown the hackers may have stolen additional personal data and British Airways is notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV. The potentially impacted customers were only those making reward bookings between April 21 and July 28, 2018, and who used a payment card.


While British Airways does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.


In addition, from the investigation British Airways knows that fewer of the customers originally identified were impacted.  Of the 380,000 payment card details identified, 244,000 were affected.


Since the announcement on September 6, 2018 British Airways can confirm that it has had no verified cases of fraud.  


October 25, 2018                               




This information is provided by RNS, the news service of the London Stock Exchange. RNS is approved by the Financial Conduct Authority to act as a Primary Information Provider in the United Kingdom. Terms and conditions relating to the use and distribution of this information may apply. For further information, please contact or visit