adrianlondon

Just received the email and think I know why. It would also tie in to the issues some people here (and the parallel thread here about accounts being locked) are having trying to log in.

The data theft is a list of valid membership numbers and associated full name. Although I use a userid/password to log in, it appears many use their membership number. So, the hackers could use your name to go through various hacker databases and see if they have your password anywhere for any other website that might have been hacked over the years. Then, they will use that password and your membership ID to try to access your BA account.

Due to this, BA have asked you to change your password. In my opinion, I'd only bother doing this if you have used your current BA password anywhere else. As my BA password is unique, I've simply deleted the email and plan to do nothing. This has the added advantage in that it's easy

It also seems that BA have locked accounts that use a membership number to log in, so you'll need to use your user-id. I don't know what happens if you have never created a user-id, maybe it's your email address?