Looking at BA’s twitter feed this morning, they’re saying they’re not offering compensation for the data breach. It’s not clear if this is a holding position or the formal ongoing policy. If they’d fulfilled their responsibilities and still got hacked, then that’s one thing. But they have clearly not followed the regulations on GDPR and PCI and saved money in the process, inconveniencing many of us through their conscious cost-cutting and transferring the burden onto us. That isn’t good enough in my opinion.