Reader Question: British Airways Data Theft & Card Compromised?

A LoyaltyLobby reader sent us a question regarding the British Airways data hack and compromised debit card as a result.

SPG Law BA Data Breach

Remember that you can always email us, send a message via Facebook or use Twitter and include photos too. We’ll try to cover Reader Questions & Comments here several times a week.

Here’s the email from the reader:

I would like to ask you for your advice. I have been one of the people affected by the BA Data Theft as I made a reward booking between 21 April and 28 July 2018. I didn’t block my card immediately as I live in China and that card is issued by a bank in my home country in Europe (Czech Republic). Therefor I was watching carefully every week my bank statement and yesterday and today 4 payments appeared, which were not paid by me (nothing was done before). I blocked immediately the card now (it’s debit card unfortunately).

The total amount is not high, total it’s 30,72 EUR. The payments are now in reservation and were done 2x on (15,53 EUR and 4,19 EUR) and 2x Blizzard Entertainment (1 EUR and 10 EUR).

The advice I am seeking from you, whether I have any options how to get any compensation from British Airways, as it’s their mess. Btw I am BA Gold status (not sure it helps…). I also meanwhile wrote to my bank, waiting for their reply.

The situation surrounding this BA hack is borderline surreal. Someone apparently was able to insert a bit of code to their servers that copied all the card information that was used to pay for tickets for extended period of time. Now these are sold on the dark web for the highest bidders.

The reader can write to British Airways that will likely just result a reply from their lawyer with an advice to lawyer up.

The better option is to sign up for the class action lawsuit that SPG Law will likely initiate against BA. You can access their website here.


It is very unfortunate how badly these large corporations safeguard the customer and credit card data, and then usually blame one of their contractors as if it wouldn’t be their fault. What do you get when you choose the lowest cost bidder?

I see that the only solution are large enough fines by governments or compensation payments by the courts. Once these starts hitting the bottom line then perhaps they take the IT security high enough priority to use some money on it.

It is very unfortunate when your card(s) get compromised when  traveling or living in another country. It is not as simple as just mailing replacement one.