Originally Posted by
armouredant
Very interesting reading and it means that if this was the only attack that took place then the information that BA has shared about stored cards (that were used) being at risk is at least partially incorrect. The CVC numbers from those cards would have been redirected but not the card number itself. They would have any other information entered on the booking page which could add some puzzle pieces to data from another attack.