What To Do If You’re Caught Up In The British Airways Hack


Some links to products and travel providers on this website will earn Traveling For Miles a commission which helps contribute to the running of the site – I’m very grateful to anyone who uses these links but their use is entirely optional. The compensation does not impact how and where products appear on this site and does not impact reviews that are published. For more details please see the advertising disclosure found at the bottom of every page.


Yesterday was a bad day for British Airways as it was forced to admit that its website and app were hacked and that the details of 380,000 customers were compromised. What made matters worse was that the airline confirmed that it took 15 days before it noticed that its systems had been hacked.

As you would expect, British Airways has been putting out apologies in the press and the media and no doubt we’ll soon be forced to listen to another round of explanations as to why this latest in a string of IT failures has nothing to do with the airline cutting costs and outsourcing a core component of its business overseas (the airline’s IT meltdown that left thousands stranded last year is still pretty fresh in a lot of people’s minds).

The airline has even made sure that the background to it’s coat of arms is a somber black on it’s latest press release:

The airline has also been sending out emails to customers who may have been affected – this is what I received a few hours ago:

Dear Customer,

From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information.

The breach has been resolved and our website is working normally.

We’re deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice.

We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.

Further information can be found at ba.com.

Yours sincerely,

AlexCruzSignature

Alex Cruz

Chief Executive Officer

If you’ve received a similar email it doesn’t necessarily mean that the hackers definitely have your data (I don’t think BA can say that for sure) but it does mean that BA has identified you as someone who made one or more transactions through ba.com or the BA app during the period when the airline’s systems were compromised.

Annoyingly the email doesn’t actually address what specific information the hackers got access to so I’ve collated all the various reports I’ve seen and read and pulled together a “worst case scenario” list of what the hackers may have stolen:

  • Names
  • Addresses
  • Credit card numbers
  • Expiry dates
  • Credit card security codes
  • British Airways Executive Club account numbers
  • British Airways Executive Club passwords

We can’t be 100% sure if the hackers got ALL of that information but, to be on the safe side, this is what we should assume they have.

So What Should You Do Now?

The steps are simple:

  1. Get in touch with the issuers of the cards you’ve been using on ba.com or the BA app, let them know what’s happened and request new cards. Consider using the online chat or secure messaging facilities that credit card issuers and banks offer as there are reports (in the UK) of long wait times for those calling in to cancel their cards.
  2. Log in to ba.com (here’s a link) and change your login name and password. You can change these details by following the following steps:
    • Access the Executive Club page
    • Click “manage my account” (on the left of the screen)
    • Click “update my personal information” from the menu which appears
    • Confirm your birthday details (BA’s security question)
    • Change your login name and password
  3. If you happen to have used the same email & password combination elsewhere on the internet (perhaps with another airline or travel provider) make sure you change your details there too.
  4. Delete details of any cards saved on BA.com – we don’t know that these have been compromised but why take a chance? You can do this by following the following steps:
    • Access the Executive Club page
    • Click “manage my account” (on the left of the screen)
    • Click “saved payment cards” from the menu which appears
    • Delete the cards stored in your account
  5. Keep a very, very close eye on your credit card accounts and you bank accounts (if you used a debit card to book travel with BA). If you have access to a free credit monitoring service (like credit karma or credit sesame in the US) make sure you use it as another way of keeping an eye on your credit file.

Bottom Line

Hackers are getting more and more sophisticated so it’s not the fact that BA got hacked that’s annoying me (hacks are a sad fact of life nowadays) it’s the fact that it took BA 15 days to notice.

That’s unacceptable.

The credit card companies may tell you not to worry as you’re 100% covered should your credit card details be used fraudulently (that’s true) and that it may not be necessary to cancel your cards. This is what both Chase and Amex told me and you should ignore that advice.

It’s better to close down any affected accounts now rather than wait and see if your card details are used fraudulently before you take action.

Acting now means that things are in your hands and you can take measures to ensure you have other payment methods available to you while you wait for your new cards to arrive.

If you wait to see what happens and then get compromised you run the risk of leaving yourself stranded without an alternative method of payment and that’s not going to be a nice position to be in.

Whatever you do make sure you monitor all your accounts very closely and question any transactions you don’t recognise – stay alert.