My understanding, and back to my post earlier about the fact companies shouldn't use third party companies for handling personal info, is that private messaging on X isn't encrypted unless you're using the app, and are a verified user. You also need to "follow" BA

https://help.x.com/en/using-x/encrypted-direct-messages

I guess I'm overly cynical, but I don't like the idea of sending personal info unencrypted through a company with as many employees as X, none of whom are related to BA.