Also strictly speaking the stored details were not compromised - data was scraped off a data entry form. You will routinely be entering the same data into other online forms, BA somehow allowed their web code to be edited without proper review. The underlying data appears to be uncompromised. I appreciate this is a fine distinction, but it's important in understanding where the blame lies.