British Airways Data Theft

Seems the biggest are not exempt from the pernicious elves:

From the BA Website

We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details.

From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on our website and app were compromised.

More details should appear here:

https://www.britishairways.com/en-gb/information/incident/data-theft/latest-information?dr=&dt=British%20Airways&tier=&scheme=&logintype=public&audience=travel&CUSTSEG=&GGLMember=&ban=%7C%7CP1M%7C%7C%7C%7C%7C%7C%7CHOME%7C%7C%7C%7CL4%7C%7C%7C%7Canonymous-inspiration%7C%7C%7C&KMtag=c&KMver=1.0&clickpage=HOME
@chocksaway, thanks for the heads-up. Time to change some passwords, and perhaps my Amex card
Just been dealing with this as I booked a bundle on flights 3 days ago. I'll be keeping a close eye on my Amex card
Aargh. That'll be me then. Sulks off to ring bank.

Thanks for the heads up chocks.
@rob@rar,
If you've got a Lloyds Avios duo card it will be changed soon anyway
musher wrote:
@rob@rar,
If you've got a Lloyds Avios duo card it will be changed soon anyway
It's a BA-Amex card. PITA, hope BA give an explanation of what exactly has been compromised.
I am in this boat (or plane!).
I'd heard about this before coming on the forum, read this thread, left and then I just got an email from B.A. about data theft, or so I thought as nothing much in it. So I clicked 'here' and am now thinking maybe I shouldn't have...... Gulp!
@Cinsha, It's never a good idea to click on emails regarding credit cards. I've had a few looking to be BA Amex that were obviously phishing ones. If in doubt go to the website via your normal access and check the account. I've not used mine recently for booking BA flights, so hopefully no problem but I keep an eye on that account anyway as it's the main credit card I use now.
It didn't mention credit cards, @geepee. Because I recently booked flights with them it is not unreasonable that they would send out an email. Had a line in it, if you cannot see content click here, sort of thing - again not unusual in an email. The email looked authentic. It arrived at 22.56 hrs.
Clicked it and just showed exactly the same thing again.
Nothing out of ordinary seems to be going on with my device..........so far.

I'm v savvy on dodgy emails, not been caught out yet but there is always a first time.

My bank account is not showing any odd activity. I just wanted to mention the email here jic it isn't kosher.
Grumble. I booked a flight during the affected times and have had the email about it. I'm on holiday at the moment and it will be a considerable pain in the back bottom to cancel my c/card right now. Sigh
I did book a flight within the days/hours specified, but have had no email from BA. Will contact my credit card provider anyway. Thanks, @chocksaway.
I have spoken to my bank, Lloyds, this morning, who guessed what my call was going to be about. Their advice was just to keep an eye out for any unusual account activity and phone the fraud line if there is.
Identity theft is another possible outcome.

Because I will be overseas x2 this month I thought I would notify them jic (never bothered before). Told me no need to do this anymore.
BA's CEO just said on the BBC that the company is 100% committed to compensating their customers if anyone suffers fraud as a result of this data breach. It's a PITA but I do think they are handling the PR side of this much better than some other examples of major data loss.
Booked a few days before the breach, will still keep an eye on the credit card
I'm another.

This must mean that they are either storing unencrypted card data (I would hope not) or the hackers were harvesting live data as it was being entered! - not to notice that over a two week period and a very large number of transactions is pretty darn incompetent. Sounds like an inside job to me.
Pruman wrote:
....not to notice that over a two week period and a very large number of transactions is pretty darn incompetent.....


Is it? Why? I don't know the ins and outs of sophisticated hacking. But it seems conceivable that state of the art hacking is likely to make an effort not to be detected.
rob@rar wrote:
BA's CEO just said on the BBC that the company is 100% committed to compensating their customers if anyone suffers fraud as a result of this data breach. It's a PITA but I do think they are handling the PR side of this much better than some other examples of major data loss.


Yes they are which shows they are doing a good job and reacting as swiftly as they can. It can (and does) happen to all sorts of companies.

In my experience, it's not always possible to cap these on day one, simply because they can't test every part of every system every day.

Funnily enough, I booked some BA reward flights yesterday (using credit card for the tax) completely oblivious to this story.
Cinsha wrote:
I have spoken to my bank, Lloyds, this morning, who guessed what my call was going to be about. Their advice was just to keep an eye out for any unusual account activity and phone the fraud line if there is.
Identity theft is another possible outcome.

Because I will be overseas x2 this month I thought I would notify them jic (never bothered before). Told me no need to do this anymore.
Nationwide advised me to cancel my card, even though I had received no email from BA.
rob@rar wrote:
BA's CEO just said on the BBC that the company is 100% committed to compensating their customers if anyone suffers fraud as a result of this data breach. It's a PITA but I do think they are handling the PR side of this much better than some other examples of major data loss.


Probably because they're hoping to mitigate their fine of up to 4% of group annual turnover under GDPR.
You know I normally don't leave CC details on a website. Bought flights recently from BA and they made a point of telling me that it was safer to leave my details in their system than enter it each time. The absolute morons.
According to the R4 interview, data compromised includes...
Credit card number
Expiry date
CVV number
Name
DoB

The fact that the CVV is included is interesting as it means that the site was compromised and live capture taking place rather than a raid on the back end database as the CVV should never be retained.

This is probably why the immediate advice is to flag it to your bank/card provider as whoever pocketed that data has enough to use the cards fraudulently without challenge.
It seems to be completely impossible to reset my password on BA's website this morning.
Richard_Sideways wrote:
According to the R4 interview, data compromised includes...
Credit card number
Expiry date
CVV number
Name
DoB

The fact that the CVV is included is interesting as it means that the site was compromised and live capture taking place rather than a raid on the back end database as the CVV should never be retained.

This is probably why the immediate advice is to flag it to your bank/card provider as whoever pocketed that data has enough to use the cards fraudulently without challenge.


That is what it sounded like on the piece BA put up that it was a live capture scenario and especially with it only impacting transactions between certain dates.
@jonm, be more concerned about changing the password on other sites where you've reused that password or a similar derivation.
Eventually spoke to Amex and they said no need to take action at the moment, they are still investigating the situation and to not be concerned as I would not be liable for any fraudulent loss. Changed my BA password last night, although I'm not sure if that info was included in the data loss?
@rob@rar, I just finally got through to them too and got the same message, which is reasonably encouraging I guess.
jonm wrote:
@rob@rar, I just finally got through to them too and got the same message, which is reasonably encouraging I guess.
Yes. We've just triggered the companion voucher on that account so we're going to stop using those cards and switch to using the cards on Jane's Amex account to work towards the next companion voucher. As we're no longer going to use the Amex cards that were affected by this situation it should be easy to spot any fraudulent activity, but a PITA having to constantly keep an eye out for such things.
@rob@rar, Even if you never use it, if you request a new Amex card, your new card will have different Exp and CVV, effectively invalidating the old card once you register the new one as active.
Weirdly (I do have a reason, but won't bore anybody with it) I invariably book my BA flights using my Nationwide credit card and not my BA Amex card. I have cancelled my Nationwide card with which I booked the flight and have changed my password on the BA website. Do people think I need to take any action vis-a-vis my BA Amex card, which is the card I use most in the UK? That card, after all, is administered by American Express, not BA, so my inclination is not to do anything. Advice would be gratefully received.
Richard_Sideways wrote:
@rob@rar, Even if you never use it, if you request a new Amex card, your new card will have different Exp and CVV, effectively invalidating the old card once you register the new one as active.
Yes, I think I'll do that, although there's not the sense of urgency to do it now that I've spoken to Amex.
@Hurtle, The data breach appears to be on BA's system when processing new bookings. I've not made any bookings using any card, so I'm not concerned about my BA Amex card, which, as you say, is administered by Amex on their systems.
@geepee, thanks
I made a booking on 22nd August. Received the email from BA and contacted Aqua. Card cancelled and new one on its way. I get the impression that BA is handling the situation well but as to whether or not the breach could/should have been prevented, I'm not qualified to say.
Just contacted my bank, new card en route. Old card has got severe restrictions in place (reduced to chip and pin and ATM transactions only).
altis wrote:
rob@rar wrote:
BA's CEO just said on the BBC that the company is 100% committed to compensating their customers if anyone suffers fraud as a result of this data breach. It's a PITA but I do think they are handling the PR side of this much better than some other examples of major data loss.


Probably because they're hoping to mitigate their fine of up to 4% of group annual turnover under GDPR.


BA's total revenue in the year to 31 December 2017 was 12.226bn, so that could be a potential maximum of 489m. That could make a nasty dent in this year's profits!

BA seem to be rather accident prone as regards IT. In May 2017 BA's IT system crashed (due to what they initially said was a power failure) with disruption lasting several days, thousands of passengers having their travel plans disrupted, and all flights from Heathrow and Gatwick were cancelled. Following that incident BA promised that they would publish the results of their investigation as to the cause of the IT system crash, AFAIK they have not yet done so.
I could have sworn that their representative said on the radio this morning (before 9am) that all the emails to the people affected had been sent out yesterday. I just got one, timed at 1454.
Hmm. Asking you to do anything time limited, with rewards for acting quickly or penalties for non-response? Tread carefully as the spam/scam emails quickly follow publicised breaches...
@Richard_Sideways, no, just says
"From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information.
The breach has been resolved and our website is working normally.
We're deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice.
We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.
Further information can be found at ba.com.
Yours sincerely,
Alex Cruz"
Hurtle wrote:
I could have sworn that their representative said on the radio this morning (before 9am) that all the emails to the people affected had been sent out yesterday. I just got one, timed at 1454.
Jane got her warning email at 3.30am this morning, mine arrived a few minutes later.
Mine came at 03:27. No suspicious links, just the advice to call my bank.

The news coverage (and info above) seems to suggest that info used to make a booking has been compromised but not stored, unused details (e.g. other cards). Anyone know if that is likely to be right? Cancelling all cards would be prudent but could also leave me in a very difficult position with upcoming travel in the next few days and no easy way to pay for hotels etc. If stored but unused card details are safe, then I have more options.