Poster: A snowHead
|
@chocksaway, thanks for the heads-up. Time to change some passwords, and perhaps my Amex card
|
Just been dealing with this as I booked a bundle on flights 3 days ago. I’ll be keeping a close eye on my Amex card
|
Aargh. That'll be me then. Sulks off to ring bank.
Thanks for the heads up chocks.
|
@rob@rar,
If you've got a Lloyds Avios duo card it will be changed soon anyway
|
musher wrote: |
@rob@rar,
If you've got a Lloyds Avios duo card it will be changed soon anyway |
It's a BA-Amex card. PITA, hope BA give an explanation of what exactly has been compromised.
|
I am in this boat (or plane!).
I'd heard about this before coming on the forum, read this thread, left and then I just got an email from B.A. about data theft, or so I thought as nothing much in it. So I clicked 'here' and am now thinking maybe I shouldn't have...... Gulp!
|
@Cinsha, It’s never a good idea to click on emails regarding credit cards. I’ve had a few looking to be BA Amex that were obviously phishing ones. If in doubt go to the website via your normal access and check the account. I’ve not used mine recently for booking BA flights, so hopefully no problem but I keep an eye on that account anyway as it’s the main credit card I use now.
|
It didn't mention credit cards @geepee. Because I recently booked flights with them it is not unreasonable that they would send out an email. Had a line in it, if you cannot see content click here, sort of thing - again not unusual in an email. The email looked authentic. It arrived at 22.56 hrs.
Clicked it and just showed exactly the same thing again.
Nothing out of ordinary seems to be going on with my device..........so far.
I'm v savvy on dodgy emails, not been caught out yet but there is always a first time.
My bank account is not showing any odd activity. I just wanted to mention the email here jic it isn't kosher.
|
Grumble. I booked a flight during the affected times and have had the email about it. I'm on holiday at the moment and it will be a considerable pain in the back bottom to cancel my c/card right now. Sigh
|
I did book a flight within the days/hours specified, but have had no email from BA. Will contact my credit card provider anyway. Thanks, @chocksaway.
|
I have spoken to my bank Lloyds, this morning, who guessed what my call was going to be about. Their advice was just to keep an eye out for any unusual account activity and phone fraud line if there is.
Identity theft is another possible outcome.
Because I will be overseas x2 this month I thought I would notify them jic (never bothered before). Told me no need to do this anymore.
|
BA’s CEO just said on the BBC that the company is 100% committed to compensating their customers if anyone suffers fraud as a result of this data breach. It’s a PITA but I do think they are handling the PR side of this much better than some other examples of major data loss.
|
Booked a few days before the breach, will still keep an eye on the credit card
|
I'm another.
This must mean that they are either storing unencrypted card data (I would hope not) or the hackers were harvesting live data as it was being entered! - not to notice that over a two week period and a very large number of transactions is pretty darn incompetent. Sounds like an inside job to me.
|
Pruman wrote: |
....not to notice that over a two week period and a very large number of transactions is pretty darn incompetent..... |
Is it? Why? I don't know the ins and outs of sophisticated hacking. But it seems conceivable that state of the art hacking is likely to make an effort not to be detected.
|
rob@rar wrote: |
BA’s CEO just said on the BBC that the company is 100% committed to compensating their customers if anyone suffers fraud as a result of this data breach. It’s a PITA but I do think they are handling the PR side of this much better than some other examples of major data loss. |
Yes they are which shows they are doing a good job and reacting as swiftly as they can. It can (and does) happen to all sorts of companies.
In my experience, it's not always possible to cap these on day one, simply because they can't test every part of every system every day.
Funnily enough, I booked some BA reward flights yesterday (using credit card for the tax) completely oblivious to this story.
|
Cinsha wrote: |
I have spoken to my bank Lloyds, this morning, who guessed what my call was going to be about. Their advice was just to keep an eye out for any unusual account activity and phone fraud line if there is.
Identity theft is another possible outcome.
Because I will be overseas x2 this month I thought I would notify them jic (never bothered before). Told me no need to do this anymore. |
Nationwide advised me to cancel my card, even though I had received no email from BA.
|
rob@rar wrote: |
BA’s CEO just said on the BBC that the company is 100% committed to compensating their customers if anyone suffers fraud as a result of this data breach. It’s a PITA but I do think they are handling the PR side of this much better than some other examples of major data loss. |
Probably because they’re hoping to mitigate their fine of up to 4% of group annual turnover under GDPR.
|
You know I normally don't leave CC details on a website. Bought flights recently from BA and they made a point of telling me that it was safer to leave my details in their system than enter it each time. The absolute morons.
|
According to the R4 interview, data compromised includes...
Credit card number
Expiry date
CVV number
Name
DoB
The fact that the CVV is included is interesting as it means that the site was compromised and live capture taking place rather than a raid on the back end database as the CVV should never be retained.
This is probably why the immediate advice is to flag it to your bank/card provider as whoever pocketed that data has enough to use the cards fraudulently without challenge.
|
It seems to be completely impossible to reset my password on BA's website this morning.
|
Richard_Sideways wrote: |
According to the R4 interview, data compromised includes...
Credit card number
Expiry date
CVV number
Name
DoB
The fact that the CVV is included is interesting as it means that the site was compromised and live capture taking place rather than a raid on the back end database as the CVV should never be retained.
This is probably why the immediate advice is to flag it to your bank/card provider as whoever pocketed that data has enough to use the cards fraudulently without challenge. |
That is what it sounded like on the piece BA put up that it was a live capture scenario and especially with it only impacting transactions between certain dates.
|
@jonm, be more concerned about changing the password on other sites where you've reused that password or a similar derivation.
|
Eventually spoke to Amex and they said no need to take action at the moment, they are still investigating the situation and to not be concerned as I would not be liable for any fraudulent loss. Changed my BA password last night, although I'm not sure if that info was included in the data loss?
|
@rob@rar, I just finally got through to them too and got the same message, which is reasonably encouraging I guess.
|
jonm wrote: |
@rob@rar, I just finally got through to them too and got the same message, which is reasonably encouraging I guess. |
Yes. We've just triggered the companion voucher on that account so we're going to stop using those cards and switch to using the cards on Jane's Amex account to work towards the next companion voucher. As we're no longer going to use the Amex cards that were affected by this situation it should be easy to spot any fraudulent activity, but a PITA having to constantly keep an eye out for such things.
|
@rob@rar, Even if you never use it, if you request a new Amex card, your new card will have different Exp and CVV, effectively invalidating the old card once you register the new one as active.
|
Weirdly (I do have a reason, but won't bore anybody with it) I invariably book my BA flights using my Nationwide credit card and not my BA Amex card. I have cancelled my Nationwide card with which I booked the flight and have changed my password on the BA website. Do people think I need to take any action vis-a-vis my BA Amex card, which is the card I use most in the UK? That card, after all, is administered by American Express, not BA, so my inclination is not to do anything. Advice would be gratefully received.
|
Richard_Sideways wrote: |
@rob@rar, Even if you never use it, if you request a new Amex card, your new card will have different Exp and CVV, effectively invalidating the old card once you register the new one as active. |
Yes, I think I'll do that, although there's not the sense of urgency to do it now that I've spoken to Amex.
|
@Hurtle, The data breach appears to be on BA’s system when processing new bookings. I’ve not made any bookings using any card, so I’m not concerned about my BA Amex card, which is, as you say, administered by Amex on their systems.
|
@geepee, thanks
|
I made a booking on 22nd August. Received the email from BA and contacted Aqua. Card cancelled and new one on its way. I get the impression that BA is handling the situation well but as to whether or not the breach could/should have been prevented, I'm not qualified to say.
|
Just contacted my bank, new card en route. Old card has got severe restrictions in place (reduced to chip and pin and ATM transactions only).
|
altis wrote: |
rob@rar wrote: |
BA’s CEO just said on the BBC that the company is 100% committed to compensating their customers if anyone suffers fraud as a result of this data breach. It’s a PITA but I do think they are handling the PR side of this much better than some other examples of major data loss. |
Probably because they’re hoping to mitigate their fine of up to 4% of group annual turnover under GDPR. |
BA's total revenue in the year to 31 December 2017 was £12.226bn, so that could be a potential maximum of £489m. That could make a nasty dent in this year's profits!
BA seem to be rather accident prone as regards IT. In May 2017 BA's IT system crashed (due to what they initially said was a power failure) with disruption lasting several days, thousands of passengers having their travel plans disrupted, and all flights from Heathrow and Gatwick were cancelled. Following that incident BA promised that they would publish the results of their investigation as to the cause of the IT system crash, AFAIK they have not yet done so.
|
I could have sworn that their representative said on the radio this morning (before 9am) that all the emails to the people affected had been sent out yesterday. I just got one, timed at 1454.
|
Hmm. Asking you to do anything time limited, with rewards for acting quickly or penalties for non-response? Tread carefully as the spam/scam emails quickly follow publicised breaches...
|
@Richard_Sideways, no, just says
"From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information.
The breach has been resolved and our website is working normally.
We’re deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice.
We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.
Further information can be found at ba.com.
Yours sincerely,
Alex Cruz"
|
Hurtle wrote: |
I could have sworn that their representative said on the radio this morning (before 9am) that all the emails to the people affected had been sent out yesterday. I just got one, timed at 1454. |
Jane got her warning email at 3.30am this morning, mine arrived a few minutes later.
|
Mine came at 03:27. No suspicious links, just the advice to call my bank.
The news coverage (and info above) seems to suggest that info used to make a booking has been compromised but not stored, unused details (e.g. other cards). Anyone know if that is likely to be right? Cancelling all cards would be prudent but could also leave me in a very difficult position with upcoming travel in the next few days and no easy way to pay for hotels etc. If stored but unused card details are safe, then I have more options.