The payment card details of a further 185,000 people may have been stolen in a cyber-attack on the British Airways website.
A website vulnerability is thought to be root cause of the hack, providing criminals with a back door through which they could have accessed company data.
BA discovered the further potential breach while investigating a breach of its website in September, which affected 380,000 transactions.
The company said that it is contacting any customers whose data is thought to have been compromised.
In early September, BA revealed that its website and app had been compromised between 22:58 BST on 21 August and 21:45 BST on 5 September. Around 380,000 people were caught up in this incident and, said BA, payment card details of 244,000 people were affected.
British Airways said: "Since the announcement on September 6, 2018, British Airways can confirm that it has had no verified cases of fraud.”
The September attack prompted an investigation by the UK's National Crime Agency and the Information Commissioner's Office.
Due to September’s breach, BA and IAG could face huge fines - up to 4% of their annual turnover - because the breach took place after General Data Protection Regulation legislation came into force.
Return to internet news headlines
View Internet News Archive