SITA [airline IT provider] data breach, some BAEC data compromised
Mar 5, 2021, 11:55 am
#46
Join Date: Jun 2015
Location: LHR, LGW
Programs: BAEC
Posts: 3,440
Have had the same experience as everybody above. Just called GGL line. Sounds like they're getting inundated with calls about this. I feel sorry for them having to deal with this at 6.30pm on a Friday night.
GGL line confirmed that my account is locked and on the phone we tried to unlock it with a new password after they sent me a reset link, but, as with others above, it is not recognising the BAEC number. So failed which GGL operator was not expecting. He confirmed it will go to another department to unlock.
So have decided to just leave it till Monday and let them sort it out. If the account is locked, and they have told me that, and they have confirmed my current balances in an email, then I am ok to wait while they get themselves sorted.
GGL line confirmed that my account is locked and on the phone we tried to unlock it with a new password after they sent me a reset link, but, as with others above, it is not recognising the BAEC number. So failed which GGL operator was not expecting. He confirmed it will go to another department to unlock.
So have decided to just leave it till Monday and let them sort it out. If the account is locked, and they have told me that, and they have confirmed my current balances in an email, then I am ok to wait while they get themselves sorted.
Mar 5, 2021, 11:57 am
#48
Join Date: Oct 2019
Location: clue is in the nym
Programs: BA Gold, TP Gold, VS Gold, Hilton Diamond, IHG Diamond, Hyatt Globalist, Marriott Platinum
Posts: 833
wonderful...
"We will not contact you by phone and ask for your password - please do not reveal your password to anyone claiming to be from British Airways. If you need to contact us, you can do so via our contact centres."
i got a text with the verification. thats a contact by phone.
"We will not contact you by phone and ask for your password - please do not reveal your password to anyone claiming to be from British Airways. If you need to contact us, you can do so via our contact centres."
i got a text with the verification. thats a contact by phone.
You got a text. Nobody asked you for your password. What's the problem?
Mar 5, 2021, 12:15 pm
#49
Join Date: Oct 2012
Location: Helvetia
Programs: AS; BA Silver; UA; HH Gold; Sprüngli Connaisseur
Posts: 2,912
I'm kind of surprised that SITA would have any actual data as they were primarily a private networking company, at least back in the days when I had anything to do with them. Which was basically setting up RIP to send data over SITA to Lockheed-Martin instead of over the public internet. Then again, that was about 20 or so years ago so things have probably changed.
But, as I like to say, if you're any good in IT, you're not going to stay in aviation.
But, as I like to say, if you're any good in IT, you're not going to stay in aviation.
Mar 5, 2021, 12:21 pm
#51
Join Date: Apr 2006
Location: MAN
Programs: F
Posts: 2,898
Used the forgot my password link, set a new password using my membership number which is what I always use, but could not log in with the new password. I tried switching to my email address but that did not work either with the new password. Finally I guessed at a username without an "@" (although I do not recall setting one) and that let me through to the send SMS and pick yet another password page. I could now login using the guessed-at username and the second new password.
So .. I went to my account details where I see that "username" is UNSET and my email address is meant to be my username. I have changed this to specifically be the guessed-at username and now it both shows it in my account details and I can continue to login.
Holy c**p.
So .. I went to my account details where I see that "username" is UNSET and my email address is meant to be my username. I have changed this to specifically be the guessed-at username and now it both shows it in my account details and I can continue to login.
Holy c**p.
Mar 5, 2021, 12:21 pm
#52
Join Date: Nov 2016
Location: Sussex
Programs: BA; IHG; LHW; Hilton
Posts: 788
Used email
having gone to the trouble of changing my password, twice, I also then found it did not recognise my membership number. However – I did work when I used my BA email address instead along with the new, new – that second new – password 🙈🙉
Mar 5, 2021, 12:23 pm
#53
Join Date: Oct 2019
Location: clue is in the nym
Programs: BA Gold, TP Gold, VS Gold, Hilton Diamond, IHG Diamond, Hyatt Globalist, Marriott Platinum
Posts: 833
I'm kind of surprised that SITA would have any actual data as they were primarily a private networking company, at least back in the days when I had anything to do with them. Which was basically setting up RIP to send data over SITA to Lockheed-Martin instead of over the public internet. Then again, that was about 20 or so years ago so things have probably changed.
But, as I like to say, if you're any good in IT, you're not going to stay in aviation.
But, as I like to say, if you're any good in IT, you're not going to stay in aviation.
Mar 5, 2021, 12:29 pm
#55
Join Date: Apr 2012
Location: LCY is always preferred
Programs: BAEC Gold, IHG Silver, HHonors Gold
Posts: 1,026
Using the email address worked for me. I managed to complete the new password and then changed the ID from my BAEC number to my email and I'm in fine. Glad actually, as I'm just about to book my first flight in ages (for 2022!!!)
Mar 5, 2021, 12:32 pm
#56
Join Date: Oct 2019
Location: clue is in the nym
Programs: BA Gold, TP Gold, VS Gold, Hilton Diamond, IHG Diamond, Hyatt Globalist, Marriott Platinum
Posts: 833
There's no point in trying to change your password, BA have most likely locked everyones out and will probably do a slow slow approach, especially after what happened the last time. They won't be taking any risks. BA will be swamped with many callers now, better to leave it for few days. Unlikely, anyone will get into your account as its locked out.
Mar 5, 2021, 12:35 pm
#57
Join Date: Nov 2006
Programs: Seniors Bus Pass
Posts: 5,530
As a data reference point I got an email from Aegean before I saw the BA one informing me about the hacked Star Alliance issue:
Dear Miles+Bonus member,
AEGEAN was notified by SITA (Société Internationale de Télécommunications Aéronautiques), a third party system provider of another Star Alliance airline, that it had experienced a cyber security incident involving certain passenger data that was stored in its passenger service system which is used to support airline operations.
In particular, the passenger data impacted by this incident was the name, membership number and tier status of Frequent Flyer Program members. These are the data made available by AEGEAN to Star Alliance and through SITA to other Star Alliance airlines, to allow Frequent Flyer status recognition around the world.
The incident did not affect members’ password or any other sensitive personal information (email, reservations, ID card or payment card information) which were not available in this database as they are not shared by AEGEAN or the other Star Alliance member airlines.
There is no evidence that your account data in AEGEAN Miles+Bonus program have been compromised or misused and no action is required on your side. The incident did not affect AEGEAN own systems in any way.
By this proactive communication, we intend to make you aware of the above and we kindly ask you to address or report at [email protected] any relevant query or issue.
Best Regards,
Miles+Bonus
AEGEAN was notified by SITA (Société Internationale de Télécommunications Aéronautiques), a third party system provider of another Star Alliance airline, that it had experienced a cyber security incident involving certain passenger data that was stored in its passenger service system which is used to support airline operations.
In particular, the passenger data impacted by this incident was the name, membership number and tier status of Frequent Flyer Program members. These are the data made available by AEGEAN to Star Alliance and through SITA to other Star Alliance airlines, to allow Frequent Flyer status recognition around the world.
The incident did not affect members’ password or any other sensitive personal information (email, reservations, ID card or payment card information) which were not available in this database as they are not shared by AEGEAN or the other Star Alliance member airlines.
There is no evidence that your account data in AEGEAN Miles+Bonus program have been compromised or misused and no action is required on your side. The incident did not affect AEGEAN own systems in any way.
By this proactive communication, we intend to make you aware of the above and we kindly ask you to address or report at [email protected] any relevant query or issue.
Best Regards,
Miles+Bonus
Mar 5, 2021, 12:46 pm
#59
Join Date: Jun 2012
Programs: IHG Spire Ambassador, Club Carlson Gold, HHonors Gold, Best Western Diamond Select, BA Blue
Posts: 1,335
Managed to change my password for ba.com using the 'Forgot details' option. Now I can't log in at all. Doesn't recognise my email address or membership number at all now. How difficult can this be?
Mar 5, 2021, 12:50 pm
#60
Join Date: Jun 2012
Programs: IHG Spire Ambassador, Club Carlson Gold, HHonors Gold, Best Western Diamond Select, BA Blue
Posts: 1,335
Something I noticed in the email from BA about this data breach and resetting of passwords:
What is this verification step?
Please log into your account and reset your password
Please create a new password that you have not used elsewhere
Once your password has been reset and you have completed a verification step, you will be able to regain full access to your account
Please create a new password that you have not used elsewhere
Once your password has been reset and you have completed a verification step, you will be able to regain full access to your account