Sep 7, 2018, 8:15 am
Last edit by: tbm13
Are you trying to change your BA password and having difficulty doing so? For some suggestions, go to this wikipost.
---------------------------------------------------------------------------------------------------------------------
On Thursday 6 September 2018 at about 1830 London time (UTC+1), BA announced that there had been a data breach involving customers using the BA website and the BA mobile app.
Updates from BA are being posted to this ba.com page: https://www.britishairways.com/en-gb...st-information
A further update dated 25 October 2018 can be found in this post 1377. The SPG Law class action thread can be found here.
As at 1400 London time on Tuesday 11 September 2018, the body of that page read:-
That is followed by a series of FAQs. These are reproduced at the end of this wikipost.
If you are experiencing difficulties in changing your BA password or want further information about doing so, some information is in this thread: https://www.flyertalk.com/forum/brit...rd-ba-com.html (which also has a wikipost).
Reports from FTers suggest that credit card companies and banks are taking differing approaches to this incident:-
As of Wednesday 12th September, affected customers are being emailed with the following additional information
Note that the email from BA gives you a personal "Activation Code". However, when you get to the signup forms for ProtectMyID, you put the code into the second page of the sign up form in the "Promotional Code" field.
---------------------------------------------------------------------------------------------------------------------
On Thursday 6 September 2018 at about 1830 London time (UTC+1), BA announced that there had been a data breach involving customers using the BA website and the BA mobile app.
Updates from BA are being posted to this ba.com page: https://www.britishairways.com/en-gb...st-information
A further update dated 25 October 2018 can be found in this post 1377. The SPG Law class action thread can be found here.
As at 1400 London time on Tuesday 11 September 2018, the body of that page read:-
Customer data theft
We are investigating, as a matter of urgency, the theft of customer data between 22:58 BST August 21 2018 until 21:45 BST September 5 2018 from our website, ba.com, and our mobile app.
The stolen data included personal and financial details of customers making bookings and changes on ba.com and the airline’s app. The data did not include travel or passport details.
The theft has been reported to the authorities and our website is now working normally.
What to do if you have been affected
If you believe you may have been affected because you made a booking or paid to change to your booking with a credit or debit card on ba.com or the mobile app between 22:58 BST August 21 2018 until 21:45 BST September 5 2018, we recommend you contact your bank or credit card provider and follow their advice.
We understand that this incident will cause concern and inconvenience. We are contacting all affected customers to say sorry, and we will continue to update them in the coming days.
Phishing
Customers should also be aware that fraudsters may be claiming to be British Airways and attempt to gather personal information by deception (known as 'phishing').
We will not be contacting any customers asking for payment card details and any such requests should be reported to the police and relevant authorities.
See below for more information on how to validate that the email you have received from us is genuine.
We are investigating, as a matter of urgency, the theft of customer data between 22:58 BST August 21 2018 until 21:45 BST September 5 2018 from our website, ba.com, and our mobile app.
The stolen data included personal and financial details of customers making bookings and changes on ba.com and the airline’s app. The data did not include travel or passport details.
The theft has been reported to the authorities and our website is now working normally.
What to do if you have been affected
If you believe you may have been affected because you made a booking or paid to change to your booking with a credit or debit card on ba.com or the mobile app between 22:58 BST August 21 2018 until 21:45 BST September 5 2018, we recommend you contact your bank or credit card provider and follow their advice.
We understand that this incident will cause concern and inconvenience. We are contacting all affected customers to say sorry, and we will continue to update them in the coming days.
Phishing
Customers should also be aware that fraudsters may be claiming to be British Airways and attempt to gather personal information by deception (known as 'phishing').
We will not be contacting any customers asking for payment card details and any such requests should be reported to the police and relevant authorities.
See below for more information on how to validate that the email you have received from us is genuine.
If you are experiencing difficulties in changing your BA password or want further information about doing so, some information is in this thread: https://www.flyertalk.com/forum/brit...rd-ba-com.html (which also has a wikipost).
Reports from FTers suggest that credit card companies and banks are taking differing approaches to this incident:-
- American Express - A recorded message says they are aware of the breach, there is no need to take any further action and if you suffer any financial loss you will be fully compensated; an email says: "There is no action you need to take – we will contact you immediately if there's any unusual activity with your Account. In the meantime you can continue to use your Card as normal" (see post 293, post 401, post 470 and post 491).
- Barclaycard - They just assured me I was fully protected, and I didn't need to do anything yet (see post 253); however at 18.20 on 7/9/18 the customer service helpline automated message says that affected cards are being reissued (see post 511).
- Barclays Bank - They have contacted people they believe to have been affected, and have blocked their cards from online use (website/app), but the cards remain valid for physical (chip & PIN) transactions in shops, ATMs etc. New cards being dispatched "within a week" (see post 918).
- Capital One - online transactions being blocked, new cards being issued (see post 493).
- Chase (British Airways visa) - no contact from Chase about data breach and card still working
- HSBC Premier Mastercard - Offering customers the option to freeze the card or replace it with a new card (see post 274).
- Lloyds - Said "wait and see", but did give the option to cancel the card and have it reissued (see post 403).
- Lloyds Mastercard - Based on the information they have, fraudulent use of my card is unlikely, just keep an eye on online banking and report anything suspicious (see post 370).
- Monzo - Automatically replacing all cards (see post 371).
- Natwest- Of the opinion that as there had been no fraudulent activity on my account to just keep an eye on things, and to call immediately if any suspicious transactions appear and fraud team would refund (post 315).
- Sainsburys Bank - seem to be replacing all cards proactively (see post 968)
- Starling - Automatically replacing cards (see post 460).
- Tesco Bank - Pro-actively sending a new card as per details in this post (post 484)
- TSB - Call the Telephone Banking Team on 03459 758758 to discuss further (see post 437).
- Vanquis - online transactions being blocked, new cards being issued (see post 493).
Have I been affected?
How do I know if I have been affected?
Customers who made bookings or changes to their bookings on ba.com or our mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018 may have been affected.
We advise any customers who believe they may have been affected to contact their banks or credit card providers and follow their advice.
We are experiencing high call volumes into our contact centres so please continue to check this page for the latest information.
Contact us
What data has been lost?
The personal and financial details of customers making bookings on ba.com and our mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018 was compromised. No passport or travel details were stolen. Only customers who made bookings between these dates are affected.
Names, billing address, email address and all bank card details were all at risk.
Did this affect just new bookings or any payment transaction made within the impacted time period?
All payment transactions made on ba.com or our mobile app from 22:58 BST August 21 2018 to 21:45 September 5 2018 inclusive were affected. Nothing before or after these dates and times was impacted. Payments made through our call centres, travel agents or online travel sites are not affected.
Are my saved payment card details safe if they were used to make a booking in that period?
If you made a payment using a saved card on ba.com or the mobile app from 22:58 BST August 21, 2018 to 21:45 September 5, 2018 inclusive, you may have been impacted.
No Executive Club accounts were compromised in the data theft. There is no impact to Avios or details stored with the British Airways Executive Club.
Has saved credit card data been stolen, even if a booking hasn’t been made in that period?
No, saved payment card data has not been compromised. However, if you made a payment using a saved card on ba.com or the mobile app from 22:58 BST August 21, 2018 to 21:45 September 5, 2018 inclusive, you may have been impacted.
How were phone numbers not affected?
Phone number information is collected in a separate part of the booking process and is not used as part of the payment transaction therefore this has not been impacted.
I used PayPal to pay for my ba.com transaction. Is this impacted?
If you booked through PayPal, your PayPal account will not have been compromised. There does remain the risk that some of your personal information such as your name and address may have been accessed. No passport details or travel details were compromised.
Is Apple Pay affected?
If you used Apple Pay via the mobile app then your data will not have been compromised.
I had a failed payment attempt during the affected time period – am I affected?
If you clicked the pay button on ba.com then the transaction would have taken place even if the outcome was unsuccessful and the data would have been compromised.
We advise any concerned customers to contact their banks or credit card providers and follow their advice.
Will I be affected if I made a free change to my booking but my payment card details were saved in the reservation?
If you made a free change to your booking via ba.com and did not use your payment card as part of that transaction, then you will not have been impacted.
Are travel agent bookings affected?
Only bookings or changes to bookings made directly with ba.com or the mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018 were affected.
If a change was made to a travel agent booking on ba.com and payment made for an additional product, such as seat reservations or excess baggage, then these would be affected.
Does this affect Executive Club accounts in any way? i.e. missing Avios/ Tier Points
No accounts were compromised in the data theft. There is no impact to Avios or details stored with the British Airways Executive Club.
I received an email about the data theft, however I only cancelled a booking during this time – will I be affected?
If you cancelled and refunded your booking between 22:58 BST August 21, 2018 and 21:45 September 5, 2018, you will not have been impacted.
---------------------------------------------------------------------------------------------------------
What should I do if I think I am affected?
Should I call my bank or cancel my credit cards?
We recommend that all customers who made bookings or changes to their bookings with ba.com or the mobile app, between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018, contact their banks or credit card providers and follow their advice.
I think my card was compromised when I made a booking on ba.com outside of the time period – what should I do?
The data theft relates to customer bookings made or changed between 22:58 BST August 21, 2018 and 21:45 September 5, 2018 only.
We advise any concerned customers to contact their banks or credit card providers and follow their advice.
How would I know if I have been a victim of identity theft?
There are a number of signs to look out for that may indicate that you might have been a victim of identity theft:-
If you are concerned about an email, we recommend that you don't click on any links, open any documents or reply to it until you have looked into it further.
Official emails relating to this theft will be sent from: [email protected]. You should hover over the sent email address to confirm this is where the email has been sent from before clicking on it.
British Airways will never proactively contact you to request your personal or confidential information. If you ever receive an email or call, claiming to be from us, requesting this information, please report it to us straight away.
We've put the details of the scams we're aware of on our ba.com website security page. There's also security essentials information to help you, along with details of how to report any new scams to us (or other emails/calls that have concerned you).
Will I be reimbursed?
We take the protection of our customers’ data seriously and are very sorry for the concern that this criminal activity has caused.
We will continue to keep our customers updated with the very latest information.
No customer will be out of pocket as a direct result of the criminal theft of data from ba.com and the airline’s mobile app. Any customer who made a booking between 22:58 BST August 21 2018 and 21:45 BST September 5 2018 will be reimbursed for any fraudulent activity on their accounts as a direct result of the data theft and we shall advise the process for this in due course.
We will be offering a 12-month credit rating monitoring service to any affected customer who is concerned about an impact to their credit rating, provided by specialists in the field and will share details of this in the near future.
Will BA pay for costs associated with getting new cards, e.g. postage costs?
No customer will be out of pocket as a direct result of the criminal theft of data from ba.com and the airline’s mobile app. We are working through the process and will update our customers as soon as we can.
How do I reset my ba.com password?
ba.com and Executive Club accounts have not been compromised and your login details are safe.
However, if you’d like to change your password, first ensure you are logged out of ba.com and click the Forgotten Pin/Password link on the top right-hand corner of the homepage. We recommend you choose a unique password that you do not use for any other online account.
We are aware of some customers experiencing intermittent issues when attempting to reset their passwords. We are working on resolving this as quickly as possible.
---------------------------------------------------------------------------------------------------------
How does this affect my bookings?
What shall I do if I am due to travel today?
The incident has been resolved and all systems are working normally so customers due to travel can check-in online as normal.
Will I still be able to check in?
Yes, all customers booked on our flights will be able to check in as normal.
Will this affect any future bookings?
The incident has been resolved and ba.com is working normally so future bookings will not be affected.
Will bookings made over the period of this incident remain confirmed?
Yes, all bookings made remain valid for travel.
If I cancelled the card my booking was made with what do I need to bring to the airport?
The payment card that was used to pay for the booking should be brought to the airport if you are the owner of the card and are travelling. However, if the payment card has expired since the booking was made and you have a new card, or you don't have the original card used for payment, please print out a copy of your flight itinerary from Manage my Booking.
I have now cancelled my credit card, but I had used that card to make a future flight booking, so how will I be able to access that booking?
You do not need to enter your payment card details when retrieving an existing booking via Manage My Booking on ba.com, so access to future booking is not restricted due to the cancellation of the payment card.
How do I know if I have been affected?
Customers who made bookings or changes to their bookings on ba.com or our mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018 may have been affected.
We advise any customers who believe they may have been affected to contact their banks or credit card providers and follow their advice.
We are experiencing high call volumes into our contact centres so please continue to check this page for the latest information.
Contact us
What data has been lost?
The personal and financial details of customers making bookings on ba.com and our mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018 was compromised. No passport or travel details were stolen. Only customers who made bookings between these dates are affected.
Names, billing address, email address and all bank card details were all at risk.
Did this affect just new bookings or any payment transaction made within the impacted time period?
All payment transactions made on ba.com or our mobile app from 22:58 BST August 21 2018 to 21:45 September 5 2018 inclusive were affected. Nothing before or after these dates and times was impacted. Payments made through our call centres, travel agents or online travel sites are not affected.
Are my saved payment card details safe if they were used to make a booking in that period?
If you made a payment using a saved card on ba.com or the mobile app from 22:58 BST August 21, 2018 to 21:45 September 5, 2018 inclusive, you may have been impacted.
No Executive Club accounts were compromised in the data theft. There is no impact to Avios or details stored with the British Airways Executive Club.
Has saved credit card data been stolen, even if a booking hasn’t been made in that period?
No, saved payment card data has not been compromised. However, if you made a payment using a saved card on ba.com or the mobile app from 22:58 BST August 21, 2018 to 21:45 September 5, 2018 inclusive, you may have been impacted.
How were phone numbers not affected?
Phone number information is collected in a separate part of the booking process and is not used as part of the payment transaction therefore this has not been impacted.
I used PayPal to pay for my ba.com transaction. Is this impacted?
If you booked through PayPal, your PayPal account will not have been compromised. There does remain the risk that some of your personal information such as your name and address may have been accessed. No passport details or travel details were compromised.
Is Apple Pay affected?
If you used Apple Pay via the mobile app then your data will not have been compromised.
I had a failed payment attempt during the affected time period – am I affected?
If you clicked the pay button on ba.com then the transaction would have taken place even if the outcome was unsuccessful and the data would have been compromised.
We advise any concerned customers to contact their banks or credit card providers and follow their advice.
Will I be affected if I made a free change to my booking but my payment card details were saved in the reservation?
If you made a free change to your booking via ba.com and did not use your payment card as part of that transaction, then you will not have been impacted.
Are travel agent bookings affected?
Only bookings or changes to bookings made directly with ba.com or the mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018 were affected.
If a change was made to a travel agent booking on ba.com and payment made for an additional product, such as seat reservations or excess baggage, then these would be affected.
Does this affect Executive Club accounts in any way? i.e. missing Avios/ Tier Points
No accounts were compromised in the data theft. There is no impact to Avios or details stored with the British Airways Executive Club.
I received an email about the data theft, however I only cancelled a booking during this time – will I be affected?
If you cancelled and refunded your booking between 22:58 BST August 21, 2018 and 21:45 September 5, 2018, you will not have been impacted.
---------------------------------------------------------------------------------------------------------
What should I do if I think I am affected?
Should I call my bank or cancel my credit cards?
We recommend that all customers who made bookings or changes to their bookings with ba.com or the mobile app, between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018, contact their banks or credit card providers and follow their advice.
I think my card was compromised when I made a booking on ba.com outside of the time period – what should I do?
The data theft relates to customer bookings made or changed between 22:58 BST August 21, 2018 and 21:45 September 5, 2018 only.
We advise any concerned customers to contact their banks or credit card providers and follow their advice.
How would I know if I have been a victim of identity theft?
There are a number of signs to look out for that may indicate that you might have been a victim of identity theft:-
- Post from your bank or utility provider doesn’t arrive.
- You apply for state benefits, but are told you are already claiming.
- Refused financial services, credit cards or a loan, despite having a good credit rating.
- Receiving letters in your name from solicitors or debt collectors for debts that aren’t yours.
- Request a copy of your credit file to check for any suspicious credit applications.
- Report the theft of personal information and suspicious credit applications to the police and ask for a crime reference number.
- If fraud has been committed, contact Action Fraud.
If you are concerned about an email, we recommend that you don't click on any links, open any documents or reply to it until you have looked into it further.
Official emails relating to this theft will be sent from: [email protected]. You should hover over the sent email address to confirm this is where the email has been sent from before clicking on it.
British Airways will never proactively contact you to request your personal or confidential information. If you ever receive an email or call, claiming to be from us, requesting this information, please report it to us straight away.
We've put the details of the scams we're aware of on our ba.com website security page. There's also security essentials information to help you, along with details of how to report any new scams to us (or other emails/calls that have concerned you).
Will I be reimbursed?
We take the protection of our customers’ data seriously and are very sorry for the concern that this criminal activity has caused.
We will continue to keep our customers updated with the very latest information.
No customer will be out of pocket as a direct result of the criminal theft of data from ba.com and the airline’s mobile app. Any customer who made a booking between 22:58 BST August 21 2018 and 21:45 BST September 5 2018 will be reimbursed for any fraudulent activity on their accounts as a direct result of the data theft and we shall advise the process for this in due course.
We will be offering a 12-month credit rating monitoring service to any affected customer who is concerned about an impact to their credit rating, provided by specialists in the field and will share details of this in the near future.
Will BA pay for costs associated with getting new cards, e.g. postage costs?
No customer will be out of pocket as a direct result of the criminal theft of data from ba.com and the airline’s mobile app. We are working through the process and will update our customers as soon as we can.
How do I reset my ba.com password?
ba.com and Executive Club accounts have not been compromised and your login details are safe.
However, if you’d like to change your password, first ensure you are logged out of ba.com and click the Forgotten Pin/Password link on the top right-hand corner of the homepage. We recommend you choose a unique password that you do not use for any other online account.
We are aware of some customers experiencing intermittent issues when attempting to reset their passwords. We are working on resolving this as quickly as possible.
---------------------------------------------------------------------------------------------------------
How does this affect my bookings?
What shall I do if I am due to travel today?
The incident has been resolved and all systems are working normally so customers due to travel can check-in online as normal.
Will I still be able to check in?
Yes, all customers booked on our flights will be able to check in as normal.
Will this affect any future bookings?
The incident has been resolved and ba.com is working normally so future bookings will not be affected.
Will bookings made over the period of this incident remain confirmed?
Yes, all bookings made remain valid for travel.
If I cancelled the card my booking was made with what do I need to bring to the airport?
The payment card that was used to pay for the booking should be brought to the airport if you are the owner of the card and are travelling. However, if the payment card has expired since the booking was made and you have a new card, or you don't have the original card used for payment, please print out a copy of your flight itinerary from Manage my Booking.
I have now cancelled my credit card, but I had used that card to make a future flight booking, so how will I be able to access that booking?
You do not need to enter your payment card details when retrieving an existing booking via Manage My Booking on ba.com, so access to future booking is not restricted due to the cancellation of the payment card.
We deeply apologise for any worry and inconvenience this criminal activity has caused. For your reassurance, we’re offering you 12 months of free credit and identity monitoring services, provided by Experian, one of the UK’s leading Credit Reference agencies.
Your free ProtectMyID membership
To help you to monitor your personal information for certain signs of potential identity theft, we are offering you a free 12 month membership to Experian ProtectMyID. This service helps detect possible misuse of your personal data and provides you with identity monitoring support, focussed on the identification and resolution of identity theft.
Activating your free ProtectMyID membership
1. Ensure that you sign up for the service by 12 December 2018. Your code expires after this date.
2. Visit the ProtectMyID website to get started.
3. Click on ‘Join ProtectMyID’ (top right-hand side).
4. Enter your details along with the following activation code: XXXXXXXX
This code is unique to you and only available in this email – please keep this email for reference.
Once your membership is activated, you’ll have access to the following features:
1. Unlimited access to your Experian Credit Report.
2. Credit Alerting – an email or text to let you know when certain changes happen on your Experian Credit Report, such as the addition of a new credit search.
3. Access to an Identity Theft Resolution service if you do become a victim of fraud, where you’ll have a dedicated case worker who will support you in resolving fraud that has occurred.
4. If you are at higher risk of fraud, Experian can add protective Cifas registration to your credit report which can help prevent credit being taken in your name. The Cifas Protective Registration service places a flag alongside your name and personal details in the National Fraud Database. Companies and organisations who are signed up as members of the database will see you’re at risk and take extra steps to protect you.
If you have any questions regarding this service, then please contact Experian’s Customer Support Centre on 03444 818182*. They are open Monday to Friday, 8am to 8pm and Saturday, 9am to 5pm.
Your free ProtectMyID membership
To help you to monitor your personal information for certain signs of potential identity theft, we are offering you a free 12 month membership to Experian ProtectMyID. This service helps detect possible misuse of your personal data and provides you with identity monitoring support, focussed on the identification and resolution of identity theft.
Activating your free ProtectMyID membership
1. Ensure that you sign up for the service by 12 December 2018. Your code expires after this date.
2. Visit the ProtectMyID website to get started.
3. Click on ‘Join ProtectMyID’ (top right-hand side).
4. Enter your details along with the following activation code: XXXXXXXX
This code is unique to you and only available in this email – please keep this email for reference.
Once your membership is activated, you’ll have access to the following features:
1. Unlimited access to your Experian Credit Report.
2. Credit Alerting – an email or text to let you know when certain changes happen on your Experian Credit Report, such as the addition of a new credit search.
3. Access to an Identity Theft Resolution service if you do become a victim of fraud, where you’ll have a dedicated case worker who will support you in resolving fraud that has occurred.
4. If you are at higher risk of fraud, Experian can add protective Cifas registration to your credit report which can help prevent credit being taken in your name. The Cifas Protective Registration service places a flag alongside your name and personal details in the National Fraud Database. Companies and organisations who are signed up as members of the database will see you’re at risk and take extra steps to protect you.
If you have any questions regarding this service, then please contact Experian’s Customer Support Centre on 03444 818182*. They are open Monday to Friday, 8am to 8pm and Saturday, 9am to 5pm.
BA Investigating Theft of Personal and Financial Data
Sep 7, 2018, 2:36 am
#301
Join Date: May 2006
Location: 5 miles from EMA
Programs: BD, BAEC Pleb, VS Pleb, Accor Pleb, HHonors Gold, Big White Season Pass
Posts: 5,904
just hung up the phone with BA. First person I spoke to basically read out the statement and said "call your bank". Then spoke to a supervisor who was more empathetic and is trying to get more info on what specific info of mine has been taken. Meantime, called Amex and as one may imagine, all the lines are busy. Amex are going to be spitting nails this morning!
Sep 7, 2018, 2:37 am
#302
Join Date: Mar 2018
Location: UK
Programs: BA Blue, Hilton Diamond, IHG Diamond
Posts: 304
A very good point to make on the topic of data security. I always check when receiving a call from any financial institution. They call me, claiming to be my bank/credit card/utility provider etc. and then demand my date of birth, e-mail address, etc to prove who I am. My answer is generally along the lines of 'You called me; how do I know who you are?'. The good ones will then tell you something about your account, like the amount of your last council tax direct debit, last 4 digits of your bank account, wife's middle initial or similar. A few still get stroppy and don't tell you why they've called and hang up. You CANNOT trust the calling number displayed, this is incredibly easy to spoof.
Sep 7, 2018, 2:38 am
#303
Join Date: May 2018
Posts: 34
According to comments from the BA twitter account, it's only the card used to make a booking during the window, saved cards are not affected.
Haven't seen that specifically stated in any ot the comms on the ba website or the email they sent me to tell me my data was gone.
Haven't seen that specifically stated in any ot the comms on the ba website or the email they sent me to tell me my data was gone.
I got the dreaded email
I dont save my card details online because I dont think its safe to do so...
and it appears giving BA your card details which ever way is not a good idea ¬_¬
Last edited by alanjhett; Sep 7, 2018 at 2:42 am Reason: quote
Sep 7, 2018, 2:41 am
#304
Join Date: Jul 2005
Location: London, ARN, HEL, ..... or MAN
Programs: BA GGL / GFL, Mucci Diamond!, HH Diamond, Radisson Premium, IHG Gold, Hertz Gold
Posts: 5,907
I thought I would share this little gem, this is what the departmental mailboxes are chucking out this morning:
Auto-Response By (Administrator) (07/09/2018 09.17 AM)
Thank you for contacting British Airways Executive Club - it's good to hear from you.
In order to make sure we continue to securely protect your data, we’ve revised our validation procedures, allowing us to discuss your details or bookings with you. This ensures that your data continues to be held securely and we only discuss issues with you or a person you have given us the authority to act on your behalf.
For all your future account queries (including the email you’ve just sent to us), you will need to provide the following information in your enquiry before we can answer you:
• The registered postal address on your account
• Your date of birth or passport number
Please also make sure you've given us your account number.
We thank you so much for your support and cooperation with this.
We're usually quick to respond and will be in touch with you as soon as possible - you don't need to send your query again at any time. However, if you’re due to travel within the next 48 hours or if you need to talk to us urgently, you might like to consider calling through to your dedicated support team.
Kind regards
British Airways
Thank you for contacting British Airways Executive Club - it's good to hear from you.
In order to make sure we continue to securely protect your data, we’ve revised our validation procedures, allowing us to discuss your details or bookings with you. This ensures that your data continues to be held securely and we only discuss issues with you or a person you have given us the authority to act on your behalf.
For all your future account queries (including the email you’ve just sent to us), you will need to provide the following information in your enquiry before we can answer you:
• The registered postal address on your account
• Your date of birth or passport number
Please also make sure you've given us your account number.
We thank you so much for your support and cooperation with this.
We're usually quick to respond and will be in touch with you as soon as possible - you don't need to send your query again at any time. However, if you’re due to travel within the next 48 hours or if you need to talk to us urgently, you might like to consider calling through to your dedicated support team.
Kind regards
British Airways
Sep 7, 2018, 2:47 am
#305
Join Date: Jun 2015
Location: London
Programs: BA Silver
Posts: 6
So for those affected, do you think it's worth contacting BA customer services about this?
When I received my email I was ready to dispatch a grumpy complaint but now I've had a cup of tea and a sit down I suspect this may be a waste of time, especially given the likelihood of getting a standardised response.
When I received my email I was ready to dispatch a grumpy complaint but now I've had a cup of tea and a sit down I suspect this may be a waste of time, especially given the likelihood of getting a standardised response.
Sep 7, 2018, 2:48 am
#307
Join Date: Aug 2018
Location: AMS / DUS / DXB
Programs: BAEC Silver | Flying Blue Gold | Accor Gold
Posts: 107
Received mail too last night.
Normally use paypal for payments, but it wasn't working for the past weeks. So I use creditcard directly once and this happens. Great.
Normally use paypal for payments, but it wasn't working for the past weeks. So I use creditcard directly once and this happens. Great.
Sep 7, 2018, 2:49 am
#308
Join Date: Jan 2013
Location: CEB - primary/YVR -secondary
Programs: AC*Super Elite (100K) / PR*Elite / AY*Platinum (OWE) / SPG*Bonvoy Titanium (LTT)
Posts: 2,272
Hi guys,
got the email too. But only thing i have done during that time frame was cancel a reservation online.
Am I affected? As far as I recall cancelling reservations doesnt involve manually entering my credit card.
Please let me know! Sorta worried about this as i am travelling and cancelling my card while abroad is a bit of a pain.
got the email too. But only thing i have done during that time frame was cancel a reservation online.
Am I affected? As far as I recall cancelling reservations doesnt involve manually entering my credit card.
Please let me know! Sorta worried about this as i am travelling and cancelling my card while abroad is a bit of a pain.
Sep 7, 2018, 2:49 am
#309
Join Date: Nov 2008
Location: Thames Valley
Programs: BAEC, LHM&M, and even a dusty KLFB!
Posts: 894
I'll tread reasonably carefully here. Saved cards shouldn't be affected due to the way they should be tokenised and / or encrypted at rest. If you save a credit card number, nobody at BA or the payment acquirer would actually be able to see your number. Once it's saved, it should no longer exist in the form in which it was actually keyed into the system.
How can it be true that the original number no longer exists in the system - surely even with stored encrypted details, the system has to at some point be able to re-generate the card number in order to feed that into the payment processing system?
Sep 7, 2018, 2:52 am
#310
Join Date: Mar 2016
Programs: BAEC Gold
Posts: 74
As usual FT is more informative than BA itself... My situation is as follows - I would be grateful for the insights of any IT sorts!
* I booked a flight using a new credit card at about 7pm BST August 22nd (so I presume this transaction was affected).
* I have NOT had an email from BA
* The bank - who have clearly had gazillions of similar conversations in recent hours - seem not too concerned as I haven't had the email and no evidence of fraud transactions. BUT they did ask me to contact BA to clarify as if I HAD got the email they would cancel and replace the card.
* I have called the gold line and after waiting for an age had someone in India read the website back to me which really didn't help (/tangent I thought the gold line was answered in the UK?)
* I have tweeted BA 3 times and have not got an answer.
Has anyone else made a booking in the affected time frame but not got an email? Any suggestions gratefully received!
ETA Not in the UK at present and not scheduled to return for over a month - so long phone calls with the India call desk particularly tiresome and expensive! Plus losing the use of my card whilst away would be a massive problem (not to mention the hassle of trying to get a new one...)
* I booked a flight using a new credit card at about 7pm BST August 22nd (so I presume this transaction was affected).
* I have NOT had an email from BA
* The bank - who have clearly had gazillions of similar conversations in recent hours - seem not too concerned as I haven't had the email and no evidence of fraud transactions. BUT they did ask me to contact BA to clarify as if I HAD got the email they would cancel and replace the card.
* I have called the gold line and after waiting for an age had someone in India read the website back to me which really didn't help (/tangent I thought the gold line was answered in the UK?)
* I have tweeted BA 3 times and have not got an answer.
Has anyone else made a booking in the affected time frame but not got an email? Any suggestions gratefully received!
ETA Not in the UK at present and not scheduled to return for over a month - so long phone calls with the India call desk particularly tiresome and expensive! Plus losing the use of my card whilst away would be a massive problem (not to mention the hassle of trying to get a new one...)
Last edited by Accidental Scientist; Sep 7, 2018 at 2:55 am Reason: Forgot to mention not in UK!
Sep 7, 2018, 2:55 am
#311
Join Date: May 2012
Location: London, UK
Programs: BA Gold, Hotels.com Gold
Posts: 390
E-mail received here too at 3am, which would have been re a flight I booked online on 25 August. This was after I'd seen the first one - which looked so much like a phishing attack I did not dare click on any of the links - and come here to see what was going on. Password reset didn't work last night either (Safari on an iPad) even with my old PIN but I have managed to do it now via the "forgot my password" link.
I used Amex and have seen nothing suspicious so far and I check my transactions daily anyway. I would think a large proportion of bookings are with Amex (more so than some other websites) and they are very good at catching this sort of thing, so they may be BA's saviour in this.
I am still deeply unimpressed with BA especially over the bad late-night communications.
I used Amex and have seen nothing suspicious so far and I check my transactions daily anyway. I would think a large proportion of bookings are with Amex (more so than some other websites) and they are very good at catching this sort of thing, so they may be BA's saviour in this.
I am still deeply unimpressed with BA especially over the bad late-night communications.
Sep 7, 2018, 2:56 am
#312
Join Date: Oct 2015
Programs: BA Gold for Life
Posts: 1,390
I got the email.
The only transaction I had in the relevant period was a holiday booking where I paid the deposit by AMEX. For me, holiday bookings do not pick up my stored AMEX details and I had to enter all the required info. My payment took much longer than normal to confirm but nothing odd on my AMEX account and understand holiday bookings are less likely to be compromised.
At present I have not cancelled my AMEX but will be monitoring things.
The only transaction I had in the relevant period was a holiday booking where I paid the deposit by AMEX. For me, holiday bookings do not pick up my stored AMEX details and I had to enter all the required info. My payment took much longer than normal to confirm but nothing odd on my AMEX account and understand holiday bookings are less likely to be compromised.
At present I have not cancelled my AMEX but will be monitoring things.
Sep 7, 2018, 2:59 am
#313
Join Date: May 2004
Location: 7th planet on your right
Programs: BA[G], SQ[G], TK[G], DL[PM], EY[G], AF[S], IC[Amb], HH[G]
Posts: 1,641
I thought I would share this little gem, this is what the departmental mailboxes are chucking out this morning:
Auto-Response By (Administrator) (07/09/2018 09.17 AM)
Thank you for contacting British Airways Executive Club - it's good to hear from you.
In order to make sure we continue to securely protect your data, we’ve revised our validation procedures, allowing us to discuss your details or bookings with you. This ensures that your data continues to be held securely and we only discuss issues with you or a person you have given us the authority to act on your behalf.
For all your future account queries (including the email you’ve just sent to us), you will need to provide the following information in your enquiry before we can answer you:
• The registered postal address on your account
• Your date of birth or passport number
Please also make sure you've given us your account number.
We thank you so much for your support and cooperation with this.
We're usually quick to respond and will be in touch with you as soon as possible - you don't need to send your query again at any time. However, if you’re due to travel within the next 48 hours or if you need to talk to us urgently, you might like to consider calling through to your dedicated support team.
Kind regards
British Airways
Thank you for contacting British Airways Executive Club - it's good to hear from you.
In order to make sure we continue to securely protect your data, we’ve revised our validation procedures, allowing us to discuss your details or bookings with you. This ensures that your data continues to be held securely and we only discuss issues with you or a person you have given us the authority to act on your behalf.
For all your future account queries (including the email you’ve just sent to us), you will need to provide the following information in your enquiry before we can answer you:
• The registered postal address on your account
• Your date of birth or passport number
Please also make sure you've given us your account number.
We thank you so much for your support and cooperation with this.
We're usually quick to respond and will be in touch with you as soon as possible - you don't need to send your query again at any time. However, if you’re due to travel within the next 48 hours or if you need to talk to us urgently, you might like to consider calling through to your dedicated support team.
Kind regards
British Airways
Sep 7, 2018, 3:00 am
#314
Join Date: May 2015
Programs: BAEC GCH, Virgin Flying Club SCH
Posts: 142
Hi All
Quick update on my experience as a NatWest customer. Further to what I was told on Friday (that is to monitor my account and only call if I noticed suspicious behaviour) tried to use my card last night and my card was declined.
Contacted NatWest and was put through to their security team. I was informed that BA had supplied updated information to VISA (not NatWest) and as a result of this information VISA has placed a block on any cards identified as affected (not sure if this is true but this is what I was told).
Only solution was to cancel my card and issue a new one which is going to take 5-7 working days and leaving me very inconvenienced as I’m still travelling for another week.
I was also told (by the understandably very frustrated NatWest person dealing with the nth call on this last night) that the information coming through from BA has been poor and sporadic.
Just thought I’d update as it’s a very different position to Friday.
Previous Post:
Might not be related, but I was prompted a couple of weeks ago when logging in to my executive club account to change my password. Didn't think anything of it at the time, but now I'm wondering.
I also have received the dreaded email, however my transaction was to pay a deposit for the family holiday next year. As many others have said, as BA are not being forthcoming on EXACTLY what data has been stolen (and consequently I don't believe them right now when they say travel information was not taken), it causes concern that criminals will know when our home is empty.
Like others I had the 'PIN' issue when trying to reset my password through account settings. Using 'forgot my password' worked for me.
Contacted my bank this morning (Natwest), was on hold for just over 20 minutes (very unusual waiting time due to account I have), and the person I spoke to was very aware of the issue. As I'm traveling and it would be REALLY inconvenient to cancel cards, they were of the opinion that as there had been no fraudulent activity on my account to just keep an eye on things, and to call immediately if any suspicious transactions appear and fraud team would refund. Assured me that they had increased their fraud monitoring me as a result of the BA issue and were confident they would pick up any fraudulent activity.
While it could be argued that BA may have handled things quite well (from an IT perspective) once the breach was discovered, I have been less than impressed with the spin, weasel words, and wriggling already displayed in trying to play down, or deny, their liability.
Quick update on my experience as a NatWest customer. Further to what I was told on Friday (that is to monitor my account and only call if I noticed suspicious behaviour) tried to use my card last night and my card was declined.
Contacted NatWest and was put through to their security team. I was informed that BA had supplied updated information to VISA (not NatWest) and as a result of this information VISA has placed a block on any cards identified as affected (not sure if this is true but this is what I was told).
Only solution was to cancel my card and issue a new one which is going to take 5-7 working days and leaving me very inconvenienced as I’m still travelling for another week.
I was also told (by the understandably very frustrated NatWest person dealing with the nth call on this last night) that the information coming through from BA has been poor and sporadic.
Just thought I’d update as it’s a very different position to Friday.
Previous Post:
Might not be related, but I was prompted a couple of weeks ago when logging in to my executive club account to change my password. Didn't think anything of it at the time, but now I'm wondering.
I also have received the dreaded email, however my transaction was to pay a deposit for the family holiday next year. As many others have said, as BA are not being forthcoming on EXACTLY what data has been stolen (and consequently I don't believe them right now when they say travel information was not taken), it causes concern that criminals will know when our home is empty.
Like others I had the 'PIN' issue when trying to reset my password through account settings. Using 'forgot my password' worked for me.
Contacted my bank this morning (Natwest), was on hold for just over 20 minutes (very unusual waiting time due to account I have), and the person I spoke to was very aware of the issue. As I'm traveling and it would be REALLY inconvenient to cancel cards, they were of the opinion that as there had been no fraudulent activity on my account to just keep an eye on things, and to call immediately if any suspicious transactions appear and fraud team would refund. Assured me that they had increased their fraud monitoring me as a result of the BA issue and were confident they would pick up any fraudulent activity.
While it could be argued that BA may have handled things quite well (from an IT perspective) once the breach was discovered, I have been less than impressed with the spin, weasel words, and wriggling already displayed in trying to play down, or deny, their liability.
Last edited by DirtyDavey; Sep 9, 2018 at 5:52 am
Sep 7, 2018, 3:02 am
#315
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 63,846
To answer the multiple questions here:
- if you have not had an email from BA, you can assume you were not affected.
- the obvious exception is if you had transactions in this period and you are not contactable for whatever reason (maybe BA don't have your main email address for example).
- if you do get the email then contact your credit card companies (however for Amex we know the answer already, they are relaxed about this and are not suggesting card changes). If you don't get the email then I would not bother.
- If your credit card company is like Amex and suggests not changing your card, then if something happened recently which seems odd or unusual, I would nevertheless insist. These companies are generally good at handling this area, and you're unlikely to be out of pocket, but the hassle factor when something has happened "after the event" is a great deal more than a preventative card number change, new card routine.
- you don't need to change your passwords, but it's a good idea anyway. And you don't use your BAEC password anywhere else, do you?
- if you have not had an email from BA, you can assume you were not affected.
- the obvious exception is if you had transactions in this period and you are not contactable for whatever reason (maybe BA don't have your main email address for example).
- if you do get the email then contact your credit card companies (however for Amex we know the answer already, they are relaxed about this and are not suggesting card changes). If you don't get the email then I would not bother.
- If your credit card company is like Amex and suggests not changing your card, then if something happened recently which seems odd or unusual, I would nevertheless insist. These companies are generally good at handling this area, and you're unlikely to be out of pocket, but the hassle factor when something has happened "after the event" is a great deal more than a preventative card number change, new card routine.
- you don't need to change your passwords, but it's a good idea anyway. And you don't use your BAEC password anywhere else, do you?