RiskIQ also suspected that BA may have fallen victim earlier than claimed. While the air carrier said the data was compromised starting August 21st, Magecart received the SSL certificate used in the hack (to pose as a legitimate operation) on August 15th. Unless it simply waited to act, there's a chance it could have been active on the 15th, if not earlier.

It may be difficult to catch the intruders. The hacks have relied on service providers in Lithuania and Romania, and there's a good possibility the culprits are located somewhere else. This shows that the attacks are likely part of a coordinated campaign, however, and suggests that you could see comparable high-profile breaches in the near future.