What more do we know about the British Airways data breach?
Links on Head for Points may support the site by paying a commission. See here for all partner links.
Friday was one of those occasional crazy days for us. Whenever British Airways is leading the news agenda we are normally sucked along in the tailwind, whether we like it or not. Thanks to everyone who shared their experiences and suggestions via our comments.
I popped up in the Daily Telegraph (see here), The Guardian and Daily Express and I did a segment for talkRADIO. I was even invited on Good Morning Britain but unfortunately (or not) the invite arrived after I had gone to bed on Thursday.
What did we actually learn though?
The key revelation yesterday was the sheer breadth of data that was stolen.
We know that 380,000 bookings were compromised. These were made between 22:58 on 21st August and 21:45 on 5th September. For all of those bookings, the hackers have your:
- email address
- postal address
- credit card number
- expiration date
- CVV
…. according to Alex Cruz on Radio 4. The CVV data gives a clue to how this happened. Companies are not allowed to store CVV numbers. This means that the data was stolen on the journey from the BA IT system to BA’s payment processing company.
Who was impacted?
It still isn’t clear. British Airways has said that only bookers at ba.com and via the mobile app were affected.
However, various reports in our comments and elsewhere suggest that people who have booked via telephone and with BA Holidays are receiving emails saying their details are compromised. People who have only had money REFUNDED are also reporting getting the email. It is probably best to assume that any transaction you’ve made which led to a BA credit card charge or refund is likely to be at risk.
Am I at risk if I didn’t make a booking?
No. Any stored cards you have at ba.com were not compromised.
No passport or flight data was stolen either, as this is not passed to the payment processing company.
Whilst ba.com now says “The personal and financial details of customers making or changing bookings on ba.com and the airline’s mobile app were compromised.”, my reading of this is that you only have issues if you made a change which incurred a change fee. Paying the change fee will have exposed your card details.
Will BA be fined for this?
Almost certainly, under the new GDPR regime which came into force this year. It is likely to be the first major penalty enforced since those rules were adopted. It will be interesting to see what level it is set at, given that the cap is 4% of BA’s (huge) turnover.
IAG’s share price fell 3.6% yesterday morning as investors worries about compensation payments and the impact on future bookings but had recovered to a 1.35% fall by the end of the day. The overall market was only down 0.55%.
Talking of the new regulations ….
This, from the ICO website, is what the Information Commissioners Office says a company has to tell its customers when it discovers a breach. British Airways did not comply with this in its original email to those who were impacted, which is why it had to send a 2nd email last night. These are the rules:
“You need to describe, in clear and plain language, the nature of the personal data breach and, at least:
- the name and contact details of your data protection officer (if your organisation has one) or other contact point where more information can be obtained;
- a description of the likely consequences of the personal data breach; and
- a description of the measures taken, or proposed to be taken, to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects.”
Should I pro-actively cancel my credit card?
There is no evidence yet of any card fraud linked to this breach.
This in itself is odd. Why go to all the trouble of stealing this data if you are not going to cash in on it?
American Express has decided to do nothing. If you want full peace of mind, I recommend reporting your card as ‘lost’ via the website which will trigger a new one. Monzo, Starling, Virgin Money and Tesco Bank, amongst others have said that any card which was used for a BA transaction will automatically be replaced.
If you want to know more …..
There is a dedicated British Airways web page with more information which you can find here.
PS. If you are not a regular Head for Points visitor, why not sign up for our FREE weekly or daily newsletters? They are full of the latest Avios, airline, hotel and credit card points news and will help you travel better. To join our 65,000 free subscribers, click the button below or visit this page of the site to find out more. Thank you.
How to earn Avios from UK credit cards (April 2025)
As a reminder, there are various ways of earning Avios points from UK credit cards. Many cards also have generous sign-up bonuses!
In February 2022, Barclaycard launched two exciting new Barclaycard Avios Mastercard cards with a bonus of up to 25,000 Avios. You can apply here.
You qualify for the bonus on these cards even if you have a British Airways American Express card:
Barclaycard Avios Plus Mastercard
Get 25,000 Avios for signing up and an upgrade voucher at £10,000 Read our full review
Barclaycard Avios Mastercard
Get 5,000 Avios for signing up and an upgrade voucher at £20,000 Read our full review
There are two official British Airways American Express cards with attractive sign-up bonuses:
British Airways American Express Premium Plus
30,000 Avios and the famous annual 2-4-1 voucher Read our full review
British Airways American Express
5,000 Avios for signing up and an Economy 2-4-1 voucher for spending £15,000 Read our full review
You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points. These points convert at 1:1 into Avios.
SPECIAL OFFER: Until 27th May 2025, the sign-up bonus on the ‘free for a year’ American Express Preferred Rewards Gold card is increased from 20,000 Membership Rewards points to 30,000 points. Points convert 1:1 into Avios (30,000 Avios!) and many other programmes. Some people may see even higher personalised offers. Click here to apply.
SPECIAL OFFER: Until 27th May 2025, the sign-up bonus on American Express Platinum is increased from 50,000 Membership Rewards points to a huge 80,000 points. Points convert 1:1 into Avios (80,000 Avios!) and many other programmes. Some people may see even higher personalised offers. Click here to apply.
American Express Preferred Rewards Gold
Your best beginner’s card – 30,000 points, FREE for a year & four airport lounge passes Read our full review
The Platinum Card from American Express
80,000 bonus points and great travel benefits – for a large fee Read our full review
Run your own business?
We recommend Capital on Tap for limited companies. You earn 1 Avios per £1 which is impressive for a Visa card, and the standard card is FREE. Capital on Tap cards also have no FX fees.
Capital on Tap Visa
NO annual fee, NO FX fees and points worth 1 Avios per £1 Read our full review
Capital on Tap Pro Visa
10,500 points (=10,500 Avios) plus good benefits Read our full review
There is also a British Airways American Express card for small businesses:
British Airways American Express Accelerating Business
30,000 Avios sign-up bonus – plus annual bonuses of up to 30,000 Avios Read our full review
There are also generous bonuses on the two American Express Business cards, with the points converting at 1:1 into Avios. These cards are open to sole traders as well as limited companies.
American Express Business Platinum
50,000 points when you sign-up and an annual £200 Amex Travel credit Read our full review
American Express Business Gold
20,000 points sign-up bonus and FREE for a year Read our full review
Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.
David 
Mark 
Sue Bentley 
Anna 
Yuff 
Trickster 
Graham 
Rob 
AndyR 
Paul 
BJ 
MDA 
anon 
Ahe_g 
Comments (103)