A cyber-security firm says it has found a malicious script injected into the British Airways website, which could be the cause of a recent data breach that affected 380,000 transactions.
RiskIQ researchers analysed code from BA’s website and app around the time when the breach began, in late August.
They said they discovered evidence of a “skimming” script designed to steal financial data from online payment forms.
The BBC has contacted BA for comment.
More to follow