[Updated] 2018 data breach : BA fined £20 million
#256
Join Date: Jan 2019
Posts: 44
Getting bored of this now - been trying to find out from BA whether my details were compromised during the breach. So far, I've been passed from pillar to post.
In the latest reply I've received, they are refusing to rule out the fact my details were compromised ("While we do not have conclusive evidence that your data was removed from our systems, we want to reassure you that our website is now working normally.") They are now asking for evidence of financial loss arising from the breach. Trying to divert from the actual issue here, which is the data breach and not financial loss.
Obviously there has been no financial loss as Amex probed the fraudulent transactions, called me, and ultimately blocked them before they were approved. BA won't take my enquiry any further without evidence of actual financial loss, and I can't provide any evidence because none exists.
Therefore, it looks like I will never actually be given a straight yes/no answer as to whether my personal information was taken as part of BA's data breach.
What a joke.
In the latest reply I've received, they are refusing to rule out the fact my details were compromised ("While we do not have conclusive evidence that your data was removed from our systems, we want to reassure you that our website is now working normally.") They are now asking for evidence of financial loss arising from the breach. Trying to divert from the actual issue here, which is the data breach and not financial loss.
Obviously there has been no financial loss as Amex probed the fraudulent transactions, called me, and ultimately blocked them before they were approved. BA won't take my enquiry any further without evidence of actual financial loss, and I can't provide any evidence because none exists.
Therefore, it looks like I will never actually be given a straight yes/no answer as to whether my personal information was taken as part of BA's data breach.
What a joke.
#257
FlyerTalk Evangelist
Join Date: Aug 2002
Location: London
Programs: Mucci. Nothing else matters.
Posts: 38,644
Would BA actually know this? I thought that this information was abstracted by third party script lurking on the website. I had inferred that this means that BA could tell you whether your information (if you entered any on the website) may have been abstracted (in other words, you were at risk because there was a possibility that the third party script could have got you), but not that BA could tell you whether your information actually was abstracted.
#258
Join Date: Jan 2019
Posts: 44
They have a pretty good idea of when the malicious code was injected. They can see when my booking was made and what pages I was served.
In my opinion they would be able to tell me with near certainty, if they had any desire to do so, whether I was affected or not.
In my opinion they would be able to tell me with near certainty, if they had any desire to do so, whether I was affected or not.
#259
FlyerTalk Evangelist
Join Date: Aug 2002
Location: London
Programs: Mucci. Nothing else matters.
Posts: 38,644
But you seem to be expecting BA to tell you with a straight yes/no whether or not your information was in fact taken. Unless I'm misunderstanding something about the attack, that doesn't seem likely to be possible; surely only the attackers know for sure whose information they got? If you are persistently asking for the impossible, it wouldn't be a surprise if BA is now brushing you off.
#260
Join Date: May 2006
Location: 5 miles from EMA
Programs: BD, BAEC Pleb, VS Pleb, Accor Pleb, HHonors Gold, Big White Season Pass
Posts: 5,904
They have a pretty good idea of when the malicious code was injected. They can see when my booking was made and what pages I was served.
In my opinion they would be able to tell me with near certainty, if they had any desire to do so, whether I was affected or not.
In my opinion they would be able to tell me with near certainty, if they had any desire to do so, whether I was affected or not.
#261
Join Date: Jan 2019
Posts: 44
They've basically told us all that. This is why I know that I was not at risk from the first announced breach, but I was at risk from the further breach later announced (which took place earlier). Having thereafter had my BA Amex attacked, I'm quite happy to connect the dots for myself.
But you seem to be expecting BA to tell you with a straight yes/no whether or not your information was in fact taken. Unless I'm misunderstanding something about the attack, that doesn't seem likely to be possible; surely only the attackers know for sure whose information they got? If you are persistently asking for the impossible, it wouldn't be a surprise if BA is now brushing you off.
But you seem to be expecting BA to tell you with a straight yes/no whether or not your information was in fact taken. Unless I'm misunderstanding something about the attack, that doesn't seem likely to be possible; surely only the attackers know for sure whose information they got? If you are persistently asking for the impossible, it wouldn't be a surprise if BA is now brushing you off.
Second part of your comment I'll just ignore because you have absolutely no idea what has or hasn't been said.
Edit: this is what HC have said "Please note that in order to progress we would require some supporting documentation. We would be grateful if you could please provide us with the letter or email your received from British Airways advising you had been involved in the breach." - I didn't get an email from BA, BUT my card was compromised and I have no idea where else the card data would have been stolen from. So now I'm trying to get some kind of information from BA so I can actually join the HC case.
#262
FlyerTalk Evangelist
Join Date: Aug 2002
Location: London
Programs: Mucci. Nothing else matters.
Posts: 38,644
The first two sentences are where I am at. I was at risk from the earlier breach but had no communication from them - trying to join the Hayes Connor class action they want written confirmation from BA that I was likely affected. I'm not doing it for fun, but it would be nice to know whether my details are floating out there somewhere.
...
Edit: this is what HC have said "Please note that in order to progress we would require some supporting documentation. We would be grateful if you could please provide us with the letter or email your received from British Airways advising you had been involved in the breach." - I didn't get an email from BA, BUT my card was compromised and I have no idea where else the card data would have been stolen from. So now I'm trying to get some kind of information from BA so I can actually join the HC case.
...
Edit: this is what HC have said "Please note that in order to progress we would require some supporting documentation. We would be grateful if you could please provide us with the letter or email your received from British Airways advising you had been involved in the breach." - I didn't get an email from BA, BUT my card was compromised and I have no idea where else the card data would have been stolen from. So now I'm trying to get some kind of information from BA so I can actually join the HC case.
#264
Join Date: Jan 2016
Location: York, UK
Programs: BAEC Gold, Honors Diamond
Posts: 1,184
The first two sentences are where I am at. I was at risk from the earlier breach but had no communication from them - trying to join the Hayes Connor class action they want written confirmation from BA that I was likely affected. I'm not doing it for fun, but it would be nice to know whether my details are floating out there somewhere.
Second part of your comment I'll just ignore because you have absolutely no idea what has or hasn't been said.
Edit: this is what HC have said "Please note that in order to progress we would require some supporting documentation. We would be grateful if you could please provide us with the letter or email your received from British Airways advising you had been involved in the breach." - I didn't get an email from BA, BUT my card was compromised and I have no idea where else the card data would have been stolen from. So now I'm trying to get some kind of information from BA so I can actually join the HC case.
Second part of your comment I'll just ignore because you have absolutely no idea what has or hasn't been said.
Edit: this is what HC have said "Please note that in order to progress we would require some supporting documentation. We would be grateful if you could please provide us with the letter or email your received from British Airways advising you had been involved in the breach." - I didn't get an email from BA, BUT my card was compromised and I have no idea where else the card data would have been stolen from. So now I'm trying to get some kind of information from BA so I can actually join the HC case.
#265
Join Date: Jan 2019
Posts: 44
BA has made public statements about the dates between which you were at risk if you made certain kinds of transaction. Surely you know whether or not you made transactions of those kinds between the relevant dates? You'd have booking confirmation / e-ticket receipt emails, for example.
I did not receive any email from BA about the breach.
I cannot join the HC suit without having received an email about the breach.
I emailed BA for some kind of confirmation (per my discussions with HC) and got passed from pillar to post. They don’t want to talk about the breach, just about whether I have suffered financial loss arising from a breach they say I may or may not have been affected by.
I think that just about covers it.
#266
Join Date: Jan 2019
Posts: 44
If it helps you track it down in your inbox BA sent 2 emails from [email protected] on Fri, 7 Sep 2018. One in the early hours, the other late in the evening, with a third on Wed, 12 Sep 2018.
Thank you again!
Edit - just tried, and all I can find from this sender is a BA exec club statement from 2015. Never mind, was worth a try!
Last edited by ihatechoosingusernames; Jul 23, 2019 at 11:50 am
#267
Join Date: Oct 2013
Programs: BA Gold, VS Gold, IHG Platinum, Hilton Gold, Hertz Presidents Circle.
Posts: 1,447
#268
Join Date: Oct 2013
Programs: BA Gold, VS Gold, IHG Platinum, Hilton Gold, Hertz Presidents Circle.
Posts: 1,447
Yes, I have an Amex statement showing my transactions with BA (two of) last July.
I did not receive any email from BA about the breach.
I cannot join the HC suit without having received an email about the breach.
I emailed BA for some kind of confirmation (per my discussions with HC) and got passed from pillar to post. They don’t want to talk about the breach, just about whether I have suffered financial loss arising from a breach they say I may or may not have been affected by.
I think that just about covers it.
#269
Join Date: Oct 2013
Programs: BA Gold, VS Gold, IHG Platinum, Hilton Gold, Hertz Presidents Circle.
Posts: 1,447
Yes, I have an Amex statement showing my transactions with BA (two of) last July.
I did not receive any email from BA about the breach.
I cannot join the HC suit without having received an email about the breach.
I emailed BA for some kind of confirmation (per my discussions with HC) and got passed from pillar to post. They don’t want to talk about the breach, just about whether I have suffered financial loss arising from a breach they say I may or may not have been affected by.
I think that just about covers it.
#270
Suspended
Join Date: May 2011
Location: London
Programs: *A G, OW S.
Posts: 996
The latest from Hayes Connor:
Good Afternoon,
We write to advise you about our ongoing exchange of communications with DWF solicitors. DWF is acting on behalf of British Airways.
DWF has issued a High Court application to obtain a Group Litigation Order. This application will be heard on the 4th October 2019 at the High Court in London.
A Group Litigation Order ensures that all claims are managed collectively, even if they are being handled by different solicitors.
As it stands, the disclosure request we have made to DWF is on hold pending that application.
Over the coming weeks, we will work with the other firms involved in this case to agree to a course of action should the Group Litigation Order be successful. Crucially, we will ensure a coordinated approach so that your claim moves forward as quickly as possible.
As it stands DWF, could have sought to settle the claims. However, it has chosen not to do so at this stage.
The Group Litigation Order application means that we can't take any further action until the Court rules on that issue. If you need to give us any further information regarding your case please contact us via email: [email protected] Kind Regards,
Kingsley HayesSolicitor
Good Afternoon,
We write to advise you about our ongoing exchange of communications with DWF solicitors. DWF is acting on behalf of British Airways.
DWF has issued a High Court application to obtain a Group Litigation Order. This application will be heard on the 4th October 2019 at the High Court in London.
A Group Litigation Order ensures that all claims are managed collectively, even if they are being handled by different solicitors.
As it stands, the disclosure request we have made to DWF is on hold pending that application.
Over the coming weeks, we will work with the other firms involved in this case to agree to a course of action should the Group Litigation Order be successful. Crucially, we will ensure a coordinated approach so that your claim moves forward as quickly as possible.
As it stands DWF, could have sought to settle the claims. However, it has chosen not to do so at this stage.
The Group Litigation Order application means that we can't take any further action until the Court rules on that issue. If you need to give us any further information regarding your case please contact us via email: [email protected] Kind Regards,
Kingsley HayesSolicitor