I got an email from BA about this, first thing this morning, but per The Guardian:
British Airways is investigating the theft of customer data from its website and app over a two-week period and has urged customers affected to contact their banks or credit card providers.
The airline said around 380,000 payment cards had been compromised and it had notified the police.
In a statement it said: “The stolen data did not include travel or passport details. From 22.58 BST August 21 2018 until 21.45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on ba.com and the airline’s app were compromised. The breach has been resolved and our website is working normally.
I’m waiting to hear back from my bank, but I’m a little annoyed that this was the extent of the information BA provided:
Dear Customer,
From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information.
The breach has been resolved and our website is working normally.
We’re deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice.
We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.
Further information can be found at ba.com.
Pretty much just “we’re sorry this happened, and you should contact your bank” but without any helpful advice on what to say to the bank, or even which department is best to speak to. Fraud? Card Services? General Customer Services? Banks aren’t known for their stellar customer service at the best of times, so dumping the responsibility of assuring potentially stressed out customers on what to do next onto the banks seems like an epic case of “slopey shoulders” from BA.