[Tom Otley]

There was a better interview on Radio 4’s Today programme – better in the sense of more probing questions.

https://www.bbc.co.uk/programmes/b0bgp8g6

[SwissExPat]

I am one of these affected customers who made a booking and have just called my credit card provider (Credit Suisse)

The person there was fully aware of the issue and told me Credit Suisse were having a meeting today to decide what to do.

They cancelled my card during the phone call (I did not seem to have an option) and they will reissue immediately.

Thankfully, as my AMEX card was used for the BA bookings, the associated Mastercard was still available to me (and was Not cancelled) and I can still use it… (I am departing on a business trip tomorrow for 5 days).

I told the CS Agent that I woulud have expected the card company to contact all those who had made bookings on BA.com and were affected (my knowlegde of writing a query on SQL to interrogate a database helped here) but they said “it was not that simple”.

Worrying times..

[Tom Otley]

Thye are indeed, and of course it’s not the first time.

But looking back over our stories on the subject, it’s hard to find an airline or hotel company that hasn’t been affected.

In many ways I think the Uber one was the worst.

https://www.businesstraveller.com/tag/data-protection/

[Montysaurus]

I have tried to change my log in details on BA.com but to do so I need to put in my current password (if someone has hacked my account then will they will be able to see my new password?) but BA doesn’t recognise me as my current password doesn’t match their records so I can’t change it. In addition the current password shows **** but I stopped using a 4 character password several years ago for an 8 character one!
I have still managed to log into the BA app though.
BA must spend some real money on fixing their IT problems – it is time for them to bite the bullet.

[FDOS_UK]

[quote quote=887386]I have tried to change my log in details on BA.com but to do so I need to put in my current password (if someone has hacked my account then will they will be able to see my new password?) but BA doesn’t recognise me as my current password doesn’t match their records so I can’t change it. In addition the current password shows **** but I stopped using a 4 character password several years ago for an 8 character one!

I have still managed to log into the BA app though.

BA must spend some real money on fixing their IT problems – it is time for them to bite the bullet.[/quote]

Montysaurus

I had the same problem, but then logged out and used the ‘Forgotten PIN/Password’ link under the PIN/Password box. I received an emailed link to reset and it worked.

1 user thanked author for this post.

Montysaurus

[Tom Otley]

We’ve been sent the following (seems to be what was on the website, but also details the credit rating service)

“No British Airways customer will be left out of pocket as a result of this criminal cyber attack on its website, ba.com, and the airline’s mobile app.

The airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed, and is recommending that customers contact their bank or card provider if they made a booking or change to their booking between 22:58 BST August 21 2018 and 21:45 BST September 5 2018.

We understand that this incident will cause concern and inconvenience. We have contacted all affected customers to say sorry, and we will continue to update them in the coming days. British Airways will not be contacting any customers asking for payment card details, any such requests should be reported to the police and relevant authorities.

British Airways continues to investigate with the police and cyber specialists, and has reported the data theft to the Information Commissioner.

Will I be compensated?
Yes. No one will be out of pocket. Any customers who have suffered financial losses as a direct result of the theft of their payment card details from BA will be compensated. Further, we will offer a 12 month credit rating monitoring service to any affected customer who is concerned about an impact to their credit rating, provided by specialists in the field.

How will you compensate me?
We are working through the process and will update our customers as soon as we can.

Exactly which details were stolen?
Name, address, bank card details including CVC code. No passport details or travel details were compromised.

Was the financial information encrypted?
We are investigating with police, and do not want to compromise a criminal investigation.

Why do you hold CVC information?
We do not hold CVC details.
We are investigating with police, and do not want to compromise a criminal investigation.

How are you contacting customers?
We are in the process of emailing every customer affected.

BA also says that “If you receive a communication from BA we will NOT ask you for your payment card details in dealing with this incident, and should anyone do so you should not provide those details and should notify your bank and the relevant authorities.”

[Gold-2K]

[quote quote=887375]I am one of these affected customers who made a booking and have just called my credit card provider (Credit Suisse)

The person there was fully aware of the issue and told me Credit Suisse were having a meeting today to decide what to do.

They cancelled my card during the phone call (I did not seem to have an option) and they will reissue immediately. [/quote]

I called Amex and they said they were monitoring activity but no action was needed. Card still active.

[TiredOldHack2]

Mrs ToH is one of those affected and is unimpressed. She’s notified Lloyds (Avios credit cards: how ironic?). Lloyds says they’ll notify her if they think there’s any unusual activity on her account.

So, SOP with no extra vigilance?

[FrDougal]

So I have just received the email of shame from BA suggesting my card details may have been caught up in all of this. Call to the bank made, new cards enroute.

Is there much point contacting BA for a few Avios for my troubles or should I not bother?

[Gold-2K]

I have changed my exec club password and can log in fine on BA.com

However I can’t get in to the BA App on my iPhone. I have even deleted and reinstalled the App but when I log in with my new details I get an error message. Anyone else experienced this?

[rferguson]

Those that know me on this forum also know i’m seldom an apologist for BA. But I think a lot of the comments on this thread are a bit one sided. BA had the data stolen. Stolen. Not ‘given’ by BA. The same thing has happened at many other well known companies as Tom has mentioned upthread – other airlines, hotel chains, banks, insurance companies. BA only announced the theft to staff yesterday – and said they would email all passengers concerned as well as take out full page ads in all the national media. They’ve also said they will compensate anyone who has had any financial loss due to the theft.

I think it’s kind of sad when the first thing people reach for during these times are ‘compensation’. Contact BA for a few Avios…for what? Because you are one of 380K customers that had to call your bank and they advised you to have some new cards sent out as the data had been stolen from BA? I mean if I had to go and print the cards myself and walk to the bank to do so I may expect something but….

It’s exactly this kind of ‘compensation culture’ that ends up ruining it for everyone. When BA used to throw around the Avios a few years back as compensation for anything and everything there were guides on some forums on how to sabotage your own IFE to garner the associated ‘compensation’. All that ended up happening is that the whole system was tightened up and now it’s hard to get compensation for virtually anything.

It’s ironic the timing of this post as I was only having a conversation about the compensation culture with a friend who has a senior position in SPG and he was saying how they struggle with it as well….the trivial things people will contact them for demanding a free night or credits or points. He was saying he’d just finished dealing with a case where a hotel guest claimed the Bellman/Valet damaged his car whilst parking the vehicle and demanded compensation. SPG pulled the CCTV to show that it was actually the owner of the vehicle driving at the time.

Just to conclude – I too had to call my bank this morning and have my cards replaced as I had made a revenue (hotline) booking during the period. Which isn’t the first time i’ve had to do it because my account details have been compromised and will unlikely be my last. Thankfully, i’ve never had any transactions appear in these cases as the technology of the banks seem pretty savvy. And had I, I would have fully expected the merchant to reimburse me in full and swiftly. But until such a thing happens it’s keep calm and carry on.

3 users thanked author for this post.

Cheeryguy, FaroFlyer, Paul

[capetonianm]

The weaker your security is the more likely you are to have goods or data stolen. It’s become abundantly clear over the last few years that BA’s IT leaves an enormous amount to be desired and obviously when something like this happens people are going to point fingers.

It’s yet another one of a sequence of events that shows BA in an extremely poor light.

[FDOS_UK]

Just to reiterate the point in my post that BT appears to have deleted, I expect my bank to keep my money safe, just because it is stolen by thieves is not an excuse.

Sorry RFerguson, but I think you are wrong.

And it’s interesting that BT deletes a critique of a large advertiser QED.

[stevescoots]

This has happened to a great many companies so i am not going to chastize BA too much on it. I made 4 transactions over the period affected, have not had anything from BA on the matter but have from Amex.

Dear Cardmember,
I’m writing to you about the reported British Airways data breach involving personal and financial details of customers being compromised through their web and mobile app.

We want to assure you we have industry-leading fraud protection technology that is continually monitoring for any suspicious activity in order to safeguard you. Also, our Cardmembers are never liable for any fraudulent charges on their Accounts. If you have used your American Express Card to book with British Airways, we are monitoring your Account for you.

There is no action you need to take – we will contact you immediately if there’s any unusual activity with your Account. In the meantime you can continue to use your Card as normal.

If we see any unusual activity which could be fraud, we will contact you immediately. For added protection, you can also sign up for free fraud and other Account activity notifications via email, SMS text messaging, or alerts through our app.

[StephenLondon]

I had two different cards that I used to make purchases at BA.COM during the relevant period. The first thing I did this morning when I saw the email from BA is to have the cards re-issued (perhaps better to be at the front of the queue than at the end). I did this more for peace of mind than anything else. However, although people are being ‘vigilant’ today, what might happen in two months, during the run up to Christmas, when some numpty on the dark web uses my pilfered card details for their pleasure? Or whilst I’m travelling abroad? No thanks…I’ll take the bull by the horns now and act whilst I can at a time that is more convenient to me.

I am extremely disappointed with BA. This is poor on their part, especially if shown that they were transmitting card data (including CVV numbers) in a non-encrypted format. They ought to know better. I am more amazed Sr Cruz has yet another issue during his tenure…just how many incidents are happening on his watch? Perhaps it is time to get someone in who can focus on the airline, rather than on wherever Mr. Cruz’s attention is focussed. I found myself agreeing with a gentleman on the BBC who said he found Mr. Cruz’s apology to be mealy-mouthed. It was cringe-worthy, lacked any genuine remorse or concern. BA are better than this! Let’s hope the BA Board think so, and say adiós to the Chairman/CEO.

[Author]

Posts