Yesterday British Airways announced that members who booked directly with British Airways using the website and app between August 21 and September 5, 2018 have had their personal and financial information compromised.
The company updated customers today via email that they would reimburse them for any financial damages arising from this situation and they would also provide a credit monitoring service.
You can access the original article John wrote about this yesterday here.
This data breach has affected approximately 380,000 customers based on the information BA has released to media. The financial information includes actual credit card numbers with expiry dates as well as CVC codes. …
This relates to customer bookings made from 22:58 BST August 21 2018 to 21:45 September 5 2018 inclusive. BA will be contacting affected customers directly to advise them of what has happened and are advising them to contact their banks or credit card providers and follow their recommended advice. …
British Airways just sent out another email with a follow up update:
Following our email notifying you about our recent criminal data theft, we wanted to provide you with more information.
As you may be aware, from 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. We’re truly sorry, but you may have been affected.
The personal information compromised includes full name, billing address, email address and payment card information. This includes your card number, expiry date and CVV. Unfortunately this information could be used to conduct fraudulent transactions using your account. We recommend that you contact your bank or credit card provider immediately and follow their advice.
British Airways has taken steps to prevent any further data theft, the website is working normally, and we are working with the authorities to investigate how this theft occurred. …
There is also a compensation clause in this email where BA promises to reimburse customers for all financial damages this situation causes:
We’ll reimburse our customers who have suffered financial losses as a direct result of the theft of their payment card details. We’ll also offer credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating.
More information will be available on ba.com, so please check for regular updates.
Action you need to take
We take the protection of your personal information very seriously and would encourage you to review the advice below:
1. British Airways will never proactively contact you to request your personal or confidential information. If you ever receive an email or call, claiming to be from us, requesting this information, please report it to us straight away.
2. Review your credit card or bank account statements as soon as you can to check for unauthorised transactions or payments. If you suspect fraud, contact your bank immediately.
3. Do not respond to, or follow any web links from untrusted sources.
Once again, we truly apologise for any worry and inconvenience this criminal activity has caused. Our contact numbers can be found at ba.com, or you can email our Data Protection Officer at DPO@ba.com.
This affects all customers who have interacted in any booking transaction through British Airways either for revenue or Avios bookings. It’s strongly advised to contact the bank and change the credit card due to this breach.
Conclusion
This is truly a mess and considering the kind of data that was stolen it’s dangerous for people to keep their payments cards active and running even though as a credit card customer you’re always protected against fraud by the bank/cc company.
If there are any costs associated with renewing your card you should contact British Airways and claim these expenses referring to their compensation pledge. If you’re interested in the free credit monitoring service you can also contact BA.
I still don’t get it – they say only people who made a booking during that period are affected. But they still send me these emails even though I’m fairly sure I’ve not done a booking in that window. Can they not be serious and tell you if you’re affected or not, rather than sending this to everybody and saying that you ‘might’ be affected? Bunch of idiots!
I wonder how easy the compensation will be to claim. If it is anything like claiming for EC261/2004 compensation from BA then expect to be in for a long battle.
I had an oline booking transaction with BA during the specific period.
I used my Amex BAPP card to pay the fees – It was an Avios booking.
As well as the 2 e-mails from BA, I also received an e-mail with the following text from Amex :
____________________________________________________________________________
Dear Cardmember, I’m writing to you about the reported British Airways data breach involving personal and financial details of customers being compromised through their web and mobile app.
We want to assure you we have industry-leading fraud protection technology that is continually monitoring for any suspicious activity in order to safeguard you. Also, our Cardmembers are never liable for any fraudulent charges on their Accounts. If you have used your American Express Card to book with British Airways, we are monitoring your Account for you.
There is no action you need to take – we will contact you immediately if there’s any unusual activity with your Account. In the meantime you can continue to use your Card as normal.
If we see any unusual activity which could be fraud, we will contact you immediately. For added protection, you can also sign up for free fraud and other Account activity notifications via email, SMS text messaging, or alerts through our app.
Thank you for your continued Cardmembership.
Yours sincerely, Charlotte Duerden
Country Manager, American Express UK