BA Data Theft

Back to Forum

This topic contains 74 replies, has 35 voices, and was last updated by  Swissdiver 9 Feb 2019
at 10:42
.

Viewing 15 posts - 31 through 45 (of 75 total)

  • Tom Otley
    Keymaster

    Just to reiterate the point in my post that BT appears to have deleted, I expect my bank to keep my money safe, just because it is stolen by thieves is not an excuse.

    Sorry RFerguson, but I think you are wrong.

    And it’s interesting that BT deletes a critique of a large advertiser QED.

    Just the personal abuse of the CEO.

    Last warning.


    Sanran
    Participant

    One reason more to confirm I did the right choice: never put my credit card on an internet site.
    i just buy my tickets through a travel agency and pay them.
    So easy!


    Henryp1
    Participant

    I don’t believe I have been affected, it’s an annoying situation which affects numerous types of businesses. Earlier I received an e-mail from AmEx and it’s always reassuring to know that any fraudulent transactions will always be refunded, an inconvenience but for me a good enough guarantee. If I was affected by the latest breach which affects BA, I wouldn’t be expecting any Avios or other types of compensation, as the fraudulent transactions would have been credited back to my account. The good thing about AmEx is that any queried transaction is always taken off the statement to be paid until any investigation has been completed.

    The other day my bank had issues with the clearing system used for debit cards, with transactions on a particular day being debited twice. These were then refunded a couple of days later, but anyone who had suffered like being overdrawn would not be charged.


    rferguson
    Participant

    Hopefully this will herald the demise of the peseta-pinching Basque who has introduced so many of the cuts and consequently damaged the reputation of a once proud airline.

    Capetonian you have to remember WHO appointed AC and why. He was appointed by Willie ‘the slayer’ Walsh and because of his reputation of strictly controlling costs. Personally from an employee perspective (on the longhaul front) I think the cuts have been less than when we had his superior at the helm.

    But make no mistake – Mr Walsh still pulls the strings from IAG HQ.

    1 user thanked author for this post.

    Swissdiver
    Participant

    rferguson, I could agree with you if, and only if, we were not in front of an IT cost cutting strategy that turns into a nightmare not only for the clients, but also for the staff and the company. We are here in front of a breach that lasted over 2 weeks with no one capable to spot it. And the website is still not working properly, contrarily to what is said.

    2 users thanked author for this post.

    SimonS1
    Participant

    Dear oh dear. How many more bo**ocks are BA going to drop.

    Usual strategy too – cover arses, blame others, and delegate the clean up to banks and insurers.

    Even the defenders of the faith over on FT are upset.

    Tricky one for BT I guess, an advertiser and patron….I see some posts have ‘disappeared’ from the board. Damned recaptcha lol.

    1 user thanked author for this post.

    747foreverforus
    Participant

    I had exactly the same email from AMEX, very reassuring


    747foreverforus
    Participant

    I guess that whilst BA is making great profits, Mr Cruz is safe. It will be more interesting if the U.K data commissioner decides to impose the maximum fine possible, that could be a game changer fro Mr Cruz


    capetonianm
    Participant

    BA could be looking at a fine of up to £490 million – of course that is a theoretical and unlikely maximum, but even a fraction of that will look good on Cruz’s bottom line, poor chap.

    As for ‘personal abuse of the CEO’, there’s a thin line between expressing a negative opinion of his poor management and behaviour, and ‘abuse’. To some degree, a question of perspective.

    1 user thanked author for this post.

    openfly
    Participant

    For the first time ever….I disagree with rferguson.

    You miss the point that all the data was “stolen”. If you have a personal burglary at home you stop and think that maybe a better alarm system could have stopped your property from disappearing….but too late.

    In this case, BA had care of valuable property belonging to third parties.

    We trusted BA to a certain extent to protect us. However the data was stolen, and however sophisticated, BA should have the most robust security protection system in place. And for this theft to have continued for 2 weeks is a total disgrace.

    Sorry rferguson this shouldn’t have happened and for all the fluffing from Cruz, he and Walsh are ultimately responsible for this theft of our important data.

    Perhaps a more expensive burglar alarm will prevent it happening again, but that would cost money….!

    3 users thanked author for this post.

    CathayLoyalist2
    Participant

    Panic over. Remember what Cruz said in his BBC interview quote “I have a formidable team working for me”!!.


    capetonianm
    Participant

    “I have a formidable team working for me”!!.

    In his dreams.


    Gold-2K
    Participant

    I have had another mail from BA saying I have been impacted and the data lost includes CVV number.

    I thought it was illegal for CVV numbers to be stored / retained?


    capetonianm
    Participant

    I don’t know if it’s ‘illegal’ but it is appalling practice and is almost certainly against the code of conduct (I forget what it’s called) which regulates card transactions.

    Having been involved with airline and OLTA call centre management, I know that some routinely store the CVV. It has to be manually stored as most systems do not retain it, nor do they retain the full 16 digit card number, since once the transaction is authorised at least 8, and usually 12, of the digits are replaced by Xs, and the CVV number just disappears, so for example 5522123456789012/1221*666 where 1221 is the expiry and 666 is the CVV would show after end transaction as XXXXXXXXXXXX9012*55555 where 55555 is the authorisation code.

    Some parties store the full number and CVV, ‘in case’ they have to subsequently charge the passenger for something else such as a rerouting or abuse of cheap return tickets. Clearly and for many reasons this is unethical and poor practice, but it is done by inserting an additional line into the PNR, visibility of which may be restricted only to selected parties, or it may be visible to anyone who is able to view the PNR. This depends on how it was entered and various settings.

    Some years ago one of my cards was fraudulently used to purchase tickets on FlySaa.com. I was able to prove that they had stored the full details from a legitimate purchase I had made some weeks earlier, and these were accessed and used by other employees. Ironically, as I had done some work for them at their head office, I knew not only the head of the department concerned but also the modus operandi of the crooks. It resulted in an ‘interesting’ conversation between myself and the department manager when I told him I had printouts of the records concerned.

    It’s an interesting topic for discussion.


    Swissdiver
    Participant

    I have had another mail from BA saying I have been impacted and the data lost includes CVV number.

    I thought it was illegal for CVV numbers to be stored / retained?

    To my understanding (based on what is said so potentially speculative), the IT flows were intercepted. This is why the CCV code is part of the stolen data.

Viewing 15 posts - 31 through 45 (of 75 total)
You must be logged in to reply to this topic.
Be up-to-date
Magazine Subscription
To see our latest subscription offers for Business Traveller editions worldwide, click on the Subscribe & Save link below
Polls