BA said on Thursday (October 25) it was notifying the holders of 77,000 payment cards, not previously notified, that their names, billing address, email address and card payment information, including card number, expiry date and CVV security code, may have been compromised.
It is also notifying another 108,000 cardholders over similar stolen data, albeit not including their CVV code.
Customers who made reward bookings between April 21 and July 28, 2018, and used a payment card could be affected.
They are advised to contact their banks or card provider as a precaution. Customers who have not been notified by BA by 5pm on Friday (October 26) do not need to take any further action.
Meanwhile, following its initial investigation into a major security breach the airline revealed on September 6, the airline has revised down the number of customers affected.
BA said of the 380,000 payment cards understood to have been implicated, 244,000 were affected. It added it had logged “no verified cases of fraud”.
“We are very sorry this criminal activity has occurred,” said BA in a statement.
“As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating.”
British Airways confirmed last month the affected payment details were those entered during direct bookings, with GDS bookings though to have been unaffected.