The cyberattack on British Airways affected even more customers than previously thought, the company said on Thursday.

In September, the organization announced that hackers had stolen the data of thousands of British Airways customers, who had to cancel their credit cards. The 15-day data hack had compromised 380,000 payments, prompting a criminal inquiry led by specialist cyber officers from the National Crime Agency (NCA).

According to the airline, further investigation has shown the hackers may have stolen additional personal data and they we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV.

The potentially impacted customers were those making reward bookings between April 21 and July 28, 2018, and who used a payment card, the airline stated.

The company stated there are no verified cases of fraud, and will reimburse any customers who have suffered financial losses as a direct result of the data theft. British Airways will also offer credit rating monitoring to any affected customer who is concerned about an impact to their credit rating.