British Airways today announced that members that booked directly with British Airways using the website and app between August 21 and September 5, 2018 have had their personal and financial information compromised.
This data breach has affected approximately 380,000 customers based on the information BA has released to media. The financial information includes actual credit card numbers with expiry dates.
You can access BA’s page for this hack here.
Here’s the announcement from BA:
We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.
From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on our website and app were compromised.
The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.
We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.
What to do if you have been affected
If you believe you have been affected by this incident, then please contact your bank or credit card provider and follow their recommended advice. Please check back here for further updates, we will be updating this page.
FAQs
How do I know if I have been affected?
This relates to customer bookings made from 22:58 BST August 21 2018 to 21:45 September 5 2018 inclusive. We will be contacting affected customers directly to advise them of what has happened and are advising them to contact their banks or credit card providers and follow their recommended advice.
Will there be any compensation?
We take the protection of our customers’ data seriously, and are very sorry for the concern that this criminal activity has caused. We will continue to keep our customers updated with the very latest information. We will be contacting customers and will manage any claims on an individual basis.
What data has been lost?
The personal and financial details of customers making bookings on ba.com and the airline’s mobile app were compromised. No passport or travel details were stolen.
How do I reset my ba.com password?
Click the Forgotten Pin/Password link on the top right-hand corner of the ba.com homepage.
We recommend you choose a unique password that you do not use for any other online account.
Should I call my bank or cancel my credit cards?
We recommend you contact your bank and follow their recommended advice.
What shall I do if I am due to travel today?
The incident has been resolved and all systems are working normally so customers due to travel can check-in online as normal.
Will I still be able to check in?
Yes, all customers booked on our flights will be able to check in as normal.
Will this affect any future bookings?
The incident has been resolved and ba.com is working normally so future bookings will not be affected.
Here’s the email that BA just sent to affected passengers:
Here’s an email that BA sent on May 23:
Personal data including credit card numbers doesn’t seem to be in safe hands with British Airways after all….
Conclusion
This is very serious breach. The hackers were able to get all the account information including password and credit card number(s). Seems that the data is not properly safeguarded and hashed by BA.
If you made purchases with BA during the affected dates, you should go and change your password NOW and also closely monitor your credit card activity for any unauthorized charges..
Why hasn’t BA sent out an email to affected customers? Ive just been on my account and seen my registered payment card is there, so no doubt it was breached. It’s astonishing! I thought they had to under GDPR.
They have sent out an email but I don’t know whether it went to all or only to those who were affected – I received the email too but I can’t remember purchasing anything in that period… It’s pretty shabby behaviour from BA, they should say clearly whether if I receive the email I am affected or not, not just that I ‘might’ be affected.
This is yet another reason to never store your charge card or credit card number on ANY vendors website. Just NEVER do it.
To all those affected by this latest hack I will ask: –
Just how much time & effort has it saved you now?
Why did you even do it in the first place?
The 15 day delay plus the hours to act once they eventually announced it is also yet another reason to never trust BA. Just never.
The delay shows total incompetence coupled with the usual lack of action
From the sounds of it they only got data from customers who manually entered it during the booking, not from those using stored data from their database. So your ‘advice’ is totally wrong I’m afraid. But please continue being paranoid 😉
I accept your contradictions and corrections and opinion cheerfully. While hoping my posting proves unfounded I also hope the “sounds of it” proves to be the truth of it.
Your response is highly appreciated and I bid you farewell
“The airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed, and is recommending that customers contact their bank or card provider if they made a booking or change to their booking between 22:58 BST August 21 2018 and 21:45 BST September 5 2018.
We understand that this incident will cause concern and inconvenience. We have contacted all affected customers to say sorry, and we will continue to update them in the coming days. British Airways will not be contacting any customers asking for payment card details, any such requests should be reported to the police and relevant authorities.”
https://www.britishairways.com/en-es/information/incident/data-theft/latest-information?dr=&dt=British%20Airways&tier=&scheme=&logintype=public&audience=travel&CUSTSEG=&GGLMember=&ban=%7C%7CP1M%7C%7C%7C%7C%7C%7C%7CHOME%7C%7C%7C%7CL4%7C%7C%7C%7Canonymous-inspiration%7C%7C%7C&KMtag=c&KMver=1.0&clickpage=HOME
I was one of those affected,
I shall be traveling this week, will be inconvenienced due to blocked cards.
The damage on the financial can be contained.
What bothers is the breach of personal data .