We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

British Airways Data Breach

Options
2»

Comments

  • Slinky
    Slinky Posts: 10,109 Forumite
    Name Dropper First Anniversary First Post
    Options
    Well 4% of global turnover for a breach of GDPR regulations could be a significant fine. It'll be interesting to see if this data breach is taken as seriously as it could be.
    Make £2024 in 2024
    Prolific to 29/2/24 £184.97, Chase Interest £11.88, Chase roundup interest £0.18, Chase CB £16.96, Roadkill £1.10, Octopus referral reward £50, Octopoints £6.30 to 31/1/24, Topcashback £4.64, Shopmium £3
    Total £279.03/£2024  13.8%

    Make £2023 in 2023
    Water sewerage refund: £170.62,Topcashback: £243.47, Prolific: to 31/12/23 £975, Haggling: £45, Wombling(Roadkill): £6.04,  Chase CB £149.34, Chase roundup interest £1.35, WeBuyBooks:£8.37, Misc sales: £406.59, Delay repay £22, Amazon refund £3.41, EDF Smart Meter incentive £100, Santander Edge Cashback-Fees: £25.14, Octopus Reward £50, Bank transfer incentives £400
    Total: £2606.33/£2023  128.8%

  • msallen
    msallen Posts: 1,494 Forumite
    First Anniversary Name Dropper First Post
    Options
    Briocka wrote: »
    I have been informed and BA is refusing to cancel my card! But only in a recorded message so how do I prove it further down the line?

    BA did not issue your card and they cannot cancel it. Amex issued your card with BA branding on it.

    If any fraudulent transactions were to appear on your account it would be Amex that you would take this up with, not BA, so you don't have to prove anything to anyone.
  • gingercordial
    gingercordial Posts: 1,681 Forumite
    Name Dropper First Post First Anniversary
    Options
    I am one of those affected (have had the e-mail from BA) but for the moment I am willing to wait and see if anything happens on my Amex - I am confident that if anything fraudulent does appear they will reverse it. I am already in the habit of checking and reconciling transactions daily so should spot anything quickly. I have also set up the transaction notification function in the Amex app so will now get pinged immediately on my phone for anything that's attempted.

    I'm not happy with BA's communication so far but don't feel the need to cancel my card at this stage.
  • frugalfran
    frugalfran Posts: 187 Forumite
    First Anniversary Combo Breaker First Post
    Options
    We had bought tickets from BA - had 2 emails, one with no content, the 2nd the standard one. Phoned Tesco credit cards, they cancelled the card and will replace it - no questions, no problems.

    Seems safer to have had it cancelled, but now we are watching emails and the phone with suspicion......
  • Cpl_Jones
    Cpl_Jones Posts: 4 Newbie
    Options
    Ditto with First Direct. Card cancelled on their advice and a new one on it's way.
  • gingercordial
    gingercordial Posts: 1,681 Forumite
    Name Dropper First Post First Anniversary
    Options
    Those with Amex (BA branded or not): I have just had an e-mail through from them which I assume we will all receive in due course.

    Dear Cardmember,

    I'm writing to you about the reported British Airways data breach involving personal and financial details of customers being compromised through their web and mobile app.

    We want to assure you we have industry-leading fraud protection technology that is continually monitoring for any suspicious activity in order to safeguard you. Also, our Cardmembers are never liable for any fraudulent charges on their Accounts. If you have used your American Express Card to book with British Airways, we are monitoring your Account for you.

    There is no action you need to take – we will contact you immediately if there's any unusual activity with your Account. In the meantime you can continue to use your Card as normal.

    If we see any unusual activity which could be fraud, we will contact you immediately. For added protection, you can also sign up for free fraud and other Account activity notifications via email, SMS text messaging, or alerts through our app.

    Thank you for your continued Cardmembership.

    The part in bold was in bold in their e-mail too. Therefore this confirms their recorded message - there is currently no need to cancel your card.

    I am sure that if anything fraudulent transactions appear it'll be easy to point to the BA transaction in the relevant time period to prove you are one of the affected.
  • Penelopa.Pitstop
    Penelopa.Pitstop Posts: 1,153 Forumite
    First Post Name Dropper First Anniversary
    Options
    I used MBNA card for reward tickets and got refund as well in data breach period. I asked for a new card, just in case. Didn't get any email from BA.
  • Nasqueron
    Nasqueron Posts: 9,169 Forumite
    Name Dropper First Post First Anniversary Combo Breaker
    Options
    Blondetotty wrote: »
    I'm fuming this morning. I had the email last night and this morning called MBNA as I'd booked a bag on my flight last week for next weeks holiday.

    They've cancelled the card and confirmed no unauthorised transactions but it leaves me without a method of paying the deposit on my hire car as I'd transferred 1k to that card over the last couple of months to cover it. All my other cards are being paid off and cut up so I've got zero back-up plan.

    The "we take the protection of your personal information very seriously" bit at the end of the email along with the whole yeh sorry about that attitude just finished me off. Never again BA. Should have trusted my gut after the last time I swore I'd never use you again.

    FUMMIN!!

    Do be aware that if you mean you loaded your credit card with overpayments to put you in credit then you may well be in breach of your card terms and conditions which usually ban deliberately putting the card in credit, they will normally return the money.

    Why not ask one of the other providers to send a new card if you need the card physically for your car booking?
  • benroles
    benroles Posts: 67 Forumite
    Options
    From what I can gather this was a injection attack via third-party vector. It is now commonplace to use code libraries or 'widgets' from third parties. All you do is insert a call to that third-party hosted library. I believe it what was one of those third party scripts that was affected.

    A review of the injected script suggests it simply skimmed form-submissions and sent them to a third-party server.

    In my mind what this means is that only where data was ENTERED was it subject to interception. This is how the CVV code was included in the leak - because it has to be entered. As people say, it should never be stored and I don't believe it was.

    Conversely what this means though is where card details were stored (as I did) they COULDN'T be intercepted as actually nothing was entered (barring ironically CVV).

    Thus only where full details were entered manually is there a risk of interception.
  • allybol
    allybol Posts: 2 Newbie
    Options
    We booked and paid for our flights BEFORE the dates BA are stating and were still contacted by BA and our bank to get a new card. We have not updated anything during the dates BA have published. Just thought everyone should know this. Our bank are giving us a new card. We didn't think we were affected but according to our bank our name has shown that it is.
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 12 Election 2024: The MSE Leaders' Debate
  • 344.2K Banking & Borrowing
  • 250.4K Reduce Debt & Boost Income
  • 450.1K Spending & Discounts
  • 236.3K Work, Benefits & Business
  • 609.7K Mortgages, Homes & Bills
  • 173.6K Life & Family
  • 248.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards