Oh boy, just when British Airways customers thought they’d heard the last of the British Airways data hack, it’s back with a bang.

As a reminder, we were originally told that 380,000 customers were affected over a 16-day period. BA has now admitted that this wasn’t the extent of it.

BA data hack.PNG

What new info do we have?

In an update, BA has revealed hackers may have stolen additional personal data, affecting:

  • 77,000 people who had their name, billing address, email address, card payment information, including card number, expiry date and CVV stolen
  • 108,000 people who had all of the above stolen apart from the CVV.

The ‘newly affected’ customers are people who made Avios bookings between April 21 and July 28, 2018! This affects those who made bookings on ba.com but bookings via the BA app were not compromised.

Crucially, we now know that the affected period is much longer than the originally quoted 16 days. 

BA do say this:

While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution. Customers who are not contacted by British Airways by Friday 26 October at 1700 GMT do not need to take any action.

There have been “no cases of verified fraud”, apparently.

There are a couple of consolation prizes in this latest bulletin from BA. Of the initially-announced figure of 380,000 affected payment cards, only 244,000 were affected. They have also said that there have been no verified cases of fraud.

Amex quick out of the blocks

In an attempt to prevent their phone lines being clogged with worried BA customers again, Amex swiftly had an email out to customers. They are advising:

There is no action you need to take – we will contact you immediately if there’s any unusual activity with your Account. In the meantime you can continue to use your Card as normal.

This seems to have been a mass mailing to all cardholders, as I’ve received the email on an account that wasn’t open at the time of the breach(es).

You can read the latest BA update, along with a FAQs section, on this page of the BA website.

If you have been affected, you can expect an email from BA by 5pm today.

What do you make of these latest BA revelations?



This site uses Akismet to reduce spam. Learn how your comment data is processed.