Where am I today?

Very interesting! A key point is that it appears the hackers had access to the BA servers (not a 3rd party server) long before the attack and they had a substantial level of access. What else were they were able to do/view???

"While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial, and the fact they likely had access long before the attack even started is a stark reminder about the vulnerability of web-facing assets" Bolding mine.

This brings up a whole set of new concerns.