British Airways has this afternoon issued an update on the recent theft of customer data from its website and mobile app.

The carrier said that investigations now show that the details of 77,000 payment cards may potentially have been compromised, including “billing address, email address, card payment information, including card number, expiry date and CVV”.

The holders of these cards had not previously been notified. Meanwhile a further 108,000 cards may have been compromised, without the hacking of CVV data.

The new information concerns customers who made reward bookings between April 21 and July 28, using a payment card.

In a statement posted on the carrier’s website at 1531 today, BA said:

“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution. Customers who are not contacted by British Airways by Friday 26 October at 1700 GMT do not need to take any action.

“In addition, from the investigation we know that fewer of the customers we originally announced were impacted.  Of the 380,000 payment card details announced, 244,000 were affected. Crucially, we have had no verified cases of fraud.

“We are very sorry that this criminal activity has occurred. As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating.”

The update follows news this week that the personal data of 9.4 million Cathay Pacific customers has been hacked.