
British Airways Data Breach


Comments

  • Slinky
    Well 4% of global turnover for a breach of GDPR regulations could be a significant fine. It'll be interesting to see if this data breach is taken as seriously as it could be.




  • msallen
    Briocka wrote: »
    I have been informed and BA is refusing to cancel my card! But only in a recorded message so how do I prove it further down the line?

    BA did not issue your card and they cannot cancel it. Amex issued your card with BA branding on it.

    If any fraudulent transactions were to appear on your account it would be Amex that you would take this up with, not BA, so you don't have to prove anything to anyone.
  • I am one of those affected (have had the e-mail from BA) but for the moment I am willing to wait and see if anything happens on my Amex - I am confident that if anything fraudulent does appear they will reverse it. I am already in the habit of checking and reconciling transactions daily so should spot anything quickly. I have also set up the transaction notification function in the Amex app so will now get pinged immediately on my phone for anything that's attempted.

    I'm not happy with BA's communication so far but don't feel the need to cancel my card at this stage.
  • We had bought tickets from BA - had 2 emails, one with no content, the 2nd the standard one. Phoned Tesco credit cards, they cancelled the card and will replace it - no questions, no problems.

    Seems safer to have had it cancelled, but now we are watching emails and the phone with suspicion......
  • Ditto with First Direct. Card cancelled on their advice and a new one on its way.
  • Those with Amex (BA branded or not): I have just had an e-mail through from them which I assume we will all receive in due course.

    Dear Cardmember,

    I'm writing to you about the reported British Airways data breach involving personal and financial details of customers being compromised through their web and mobile app.

    We want to assure you we have industry-leading fraud protection technology that is continually monitoring for any suspicious activity in order to safeguard you. Also, our Cardmembers are never liable for any fraudulent charges on their Accounts. If you have used your American Express Card to book with British Airways, we are monitoring your Account for you.

    There is no action you need to take – we will contact you immediately if there's any unusual activity with your Account. In the meantime you can continue to use your Card as normal.

    If we see any unusual activity which could be fraud, we will contact you immediately. For added protection, you can also sign up for free fraud and other Account activity notifications via email, SMS text messaging, or alerts through our app.

    Thank you for your continued Cardmembership.


    The part in bold was in bold in their e-mail too. Therefore this confirms their recorded message - there is currently no need to cancel your card.

    I am sure that if any fraudulent transactions appear it'll be easy to point to the BA transaction in the relevant time period to prove you are one of the affected.
  • I used MBNA card for reward tickets and got refund as well in data breach period. I asked for a new card, just in case. Didn't get any email from BA.
  • Nasqueron
    I'm fuming this morning. I had the email last night and this morning called MBNA as I'd booked a bag on my flight last week for next week's holiday.

    They've cancelled the card and confirmed no unauthorised transactions but it leaves me without a method of paying the deposit on my hire car as I'd transferred 1k to that card over the last couple of months to cover it. All my other cards are being paid off and cut up so I've got zero back-up plan.

    The "we take the protection of your personal information very seriously" bit at the end of the email along with the whole yeh sorry about that attitude just finished me off. Never again BA. Should have trusted my gut after the last time I swore I'd never use you again.

    FUMMIN!!

    Do be aware that if you mean you loaded your credit card with overpayments to put you in credit then you may well be in breach of your card terms and conditions which usually ban deliberately putting the card in credit, they will normally return the money.

    Why not ask one of the other providers to send a new card if you need the card physically for your car booking?


  • From what I can gather this was an injection attack via a third-party vector. It is now commonplace to use code libraries or 'widgets' from third parties. All you do is insert a call to that third-party hosted library. I believe it was one of those third-party scripts that was affected.

    A review of the injected script suggests it simply skimmed form-submissions and sent them to a third-party server.

    In my mind what this means is that only where data was ENTERED was it subject to interception. This is how the CVV code was included in the leak - because it has to be entered. As people say, it should never be stored and I don't believe it was.

    Conversely what this means though is where card details were stored (as I did) they COULDN'T be intercepted as actually nothing was entered (barring ironically CVV).

    Thus only where full details were entered manually is there a risk of interception.
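
Added example, not part of the thread and not code from the incident: the post above describes pages that call third-party hosted scripts. This Node.js sketch shows Subresource Integrity (SRI), the browser check that refuses a script whose content no longer matches a pinned hash, together with a simple audit for cross-host script tags that carry no pin. The hostnames, script bodies and function names are constructed for illustration.

```javascript
const { createHash } = require('crypto');

// Compute the value a page author pins in <script integrity="...">.
function sriHash(content, algo = 'sha384') {
  return `${algo}-` + createHash(algo).update(content, 'utf8').digest('base64');
}

// Mirror the browser-side check for a single pinned value:
// does the fetched script body still match the pin?
function verifyIntegrity(content, integrity) {
  const algo = integrity.split('-')[0];
  if (!['sha256', 'sha384', 'sha512'].includes(algo)) return false;
  return sriHash(content, algo) === integrity;
}

// List <script src> tags served from another host with no integrity pin.
// Regex parsing is a simplification that is adequate for an audit sketch.
function auditScripts(html, firstPartyHost) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (!src) continue; // inline script, nothing fetched
    let host;
    try {
      host = new URL(src[1], `https://${firstPartyHost}/`).host;
    } catch (e) {
      continue; // unparseable URL
    }
    if (host === firstPartyHost) continue;
    if (!/\bintegrity\s*=\s*["'][^"']+["']/i.test(m[1])) {
      findings.push({ src: src[1], host });
    }
  }
  return findings;
}

// Constructed sample data (hypothetical hosts and script bodies).
const ORIGINAL = 'function initWidget(){ /* vendor code */ }';
const TAMPERED = ORIGINAL + ' /* content changed after pinning */';
const PIN = sriHash(ORIGINAL);
const PAGE = `
<script src="/js/app.js"></script>
<script src="https://widgets.example.net/lib.js"></script>
<script src="https://cdn.example.org/ui.js" integrity="${PIN}" crossorigin="anonymous"></script>`;

console.log(verifyIntegrity(ORIGINAL, PIN), verifyIntegrity(TAMPERED, PIN));
console.log(auditScripts(PAGE, 'www.example.com'));
```

A pin only helps for scripts whose content is meant to stay fixed between releases; a script that the vendor changes in place needs a Content-Security-Policy allow-list and monitoring instead.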
  • We booked and paid for our flights BEFORE the dates BA are stating and were still contacted by BA and our bank to get a new card. We have not updated anything during the dates BA have published. Just thought everyone should know this. Our bank are giving us a new card. We didn't think we were affected but according to our bank our name has shown that it is.
This discussion has been closed.