Some 380,000 payment cards used by British Airways customers have been compromised in a data breach, and more than one in five consumers surveyed about last year’s massive breach at credit-reporting agency Equifax Inc. reported “unusual activity” in its wake, including new account openings.
British Airways, one of Europe’s largest carriers and one with many flights to and from the U.S., reported Friday that the breach happened from Aug. 21 to Sept. 5. “The stolen data included personal and financial details of customers making bookings and changes on ba.com and the airline’s app,” British Airways said in an online notice. “The data did not include travel or passport details.”
The notice later says that all payment transactions, using either new cards or saved cards, were impacted. The carrier also says “names, billing address, email address, and all bank card details were all at risk.”
According to British press reports, 380,000 cards were affected. The airline said payments through Apple Pay were not compromised. Payment details in PayPal accounts also were unaffected, though it is possible hackers accessed PayPal users’ personal information such as names and addresses, the airline said.
British Airways is still investigating the breach and has not reported yet how hackers accessed its online system. The airline said affected customers will be compensated for any losses, but reports in the British press said it still might be subject to fines from regulators.
Meanwhile, the Identity Theft Resource Center, a San Diego-based non-profit, reported Monday that it polled 881 Americans in August about how the Equifax breach affected them. The breach compromised personal data on approximately 148 million consumers, including Social Security numbers and other personal identifying information from credit reports as well as about 209,000 payment card numbers.
The IRTC said 21% of respondents to its online poll reported seeing “unusual activity” on their credit reports after the breach, which Equifax first disclosed a year ago after discovering it in July 2017. Among that affected group, 23.5% said a new credit card account was opened in their name, and 34% said changes were made to an existing card account. Another 22.9% said other accounts were opened in their name, including loan or utility accounts. Some 3.5% of affected respondents said federal or state tax returns were filed fraudulently in their name.
Nearly 89% of the total respondent pool self-identified as a victim of the Equifax breach, but only 37.8% claimed to have received a letter from Equifax.
The IRTC did not say whether its survey sample was representative of the U.S. adult population.