Yesterday British Airways announced that members who booked directly with British Airways using the website and app between August 21 and September 5, 2018 have had their personal and financial information compromised.
The company updated customers today via email that they would reimburse them for any financial damages arising from this situation and they would also provide a credit monitoring service.
You can access the original article John wrote about this yesterday here.
This data breach has affected approximately 380,000 customers based on the information BA has released to media. The financial information includes actual credit card numbers with expiry dates as well as CVC codes. …
This relates to customer bookings made from 22:58 BST August 21 2018 to 21:45 September 5 2018 inclusive. BA will be contacting affected customers directly to advise them of what has happened and are advising them to contact their banks or credit card providers and follow their recommended advice. …
British Airways just sent out another email with a follow up update:
Following our email notifying you about our recent criminal data theft, we wanted to provide you with more information.
As you may be aware, from 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. We’re truly sorry, but you may have been affected.
The personal information compromised includes full name, billing address, email address and payment card information. This includes your card number, expiry date and CVV. Unfortunately this information could be used to conduct fraudulent transactions using your account. We recommend that you contact your bank or credit card provider immediately and follow their advice.
British Airways has taken steps to prevent any further data theft, the website is working normally, and we are working with the authorities to investigate how this theft occurred. …
There is also a compensation clause in this email where BA promises to reimburse customers for all financial damages this situation causes:
We’ll reimburse our customers who have suffered financial losses as a direct result of the theft of their payment card details. We’ll also offer credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating.
More information will be available on ba.com, so please check for regular updates.
Action you need to take
We take the protection of your personal information very seriously and would encourage you to review the advice below:
1. British Airways will never proactively contact you to request your personal or confidential information. If you ever receive an email or call, claiming to be from us, requesting this information, please report it to us straight away.
2. Review your credit card or bank account statements as soon as you can to check for unauthorised transactions or payments. If you suspect fraud, contact your bank immediately.
3. Do not respond to, or follow any web links from untrusted sources.
Once again, we truly apologise for any worry and inconvenience this criminal activity has caused. Our contact numbers can be found at ba.com, or you can email our Data Protection Officer at DPO@ba.com.
This affects all customers who have interacted in any booking transaction through British Airways either for revenue or Avios bookings. It’s strongly advised to contact the bank and change the credit card due to this breach.
This is truly a mess and considering the kind of data that was stolen it’s dangerous for people to keep their payments cards active and running even though as a credit card customer you’re always protected against fraud by the bank/cc company.
If there are any costs associated with renewing your card you should contact British Airways and claim these expenses referring to their compensation pledge. If you’re interested in the free credit monitoring service you can also contact BA.