British Airways data loss - What do I do?

mercurydancer

LE
Book Reviewer
I am one of those people affected by the loss of debit card details. To say I am furious is to put it mildly. I was in Crete when I got the email. Contacted the bank, but they could only stop the card completely. Having no credit card and just a couple of hundred in a savings card, I was stranded. I am not aware of any loss of money, but I have had repeated phone calls which are very dodgy. (eg from "financial companies" asking me about insurance I do not have)

Now I am aware of compensation for loss of money, but do I get redress for loss of what should be secure data and for nuisance?
 

Donny

ADC
Why can’t you transfer the funds you need to the savings account then use that card in Corfu, cancel the original one if you’re worried about it and sort it out when you get back?

Or is it all about ‘how much can I get’?
 

mercurydancer

LE
Book Reviewer
Why can’t you transfer the funds you need to the savings account then use that card in Corfu, cancel the original one if you’re worried about it and sort it out when you get back?

Or is it all about ‘how much can I get’?
I did transfer some money into the savings account, but I am back home now. New card was waiting for me.

Mainly I am angry with BA. I would appreciate any information about things like class action law suits, any form of legal redress. Compensation is a secondary issue, but it seems like the only way to get a company to take anything seriously.

All we have had so far is apologies and "contact your bank" so also I would like information about the situation.
 

Donny

ADC
From what I've heard of the attack on them it looks to have been more sophisticated than most - it's not comparable with data loss by companies like Currys or Talk Talk (both of whom, I think, were just negligent), or the NHS vulnerability to WannaCry (which I think was scandalously negligent).

If BA show they were taking reasonable steps to protect the data they held, and had in place monitoring systems to pick up the breach as early as possible, then I imagine you'll struggle to get more than token compensation from them. They're not NSA or GCHQ and they can only do so much while keeping their systems online. They've already said they'll make good any genuine financial loss but it doesn't sound as though you've actually suffered one. So I'm not sure why you're asking about 'class action law suits' unless your anger is really just about trying to get a few quid as compo. If you are thinking about a form of redress that isn't financial compensation, as you say you are, what is it?
 
Why can’t you transfer the funds you need to the savings account then use that card in Corfu, cancel the original one if you’re worried about it and sort it out when you get back?

Or is it all about ‘how much can I get’?
If it had have happened to me, I too would have been (to put it mildly) furious too - especially as my YBS Savings Account only has a 'Link' card - which is f*ck all use anywhere outside the UK.
 

mercurydancer

LE
Book Reviewer
From what I've heard of the attack on them it looks to have been more sophisticated than most - it's not comparable with data loss by companies like Currys or Talk Talk (both of whom, I think, were just negligent), or the NHS vulnerability to WannaCry (which I think was scandalously negligent).

If BA show they were taking reasonable steps to protect the data they held, and had in place monitoring systems to pick up the breach as early as possible, then I imagine you'll struggle to get more than token compensation from them. They're not NSA or GCHQ and they can only do so much while keeping their systems online. They've already said they'll make good any genuine financial loss but it doesn't sound as though you've actually suffered one. So I'm not sure why you're asking about 'class action law suits' unless your anger is really just about trying to get a few quid as compo. If you are thinking about a form of redress that isn't financial compensation, as you say you are, what is it?
10 calls today, only one genuine.

I use BA quite a lot, mainly to travel to Russia, and I have seen a deterioration in service. Enough is enough from BA. Basically I want BA to recognise me as a good customer and this includes keeping my financial data safe.
 

Donny

ADC
10 calls today, only one genuine.

I use BA quite a lot, mainly to travel to Russia, and I have seen a deterioration in service. Enough is enough from BA. Basically I want BA to recognise me as a good customer and this includes keeping my financial data safe.
Well that’s all jolly interesting but I still have no idea what you’re after from them if it isn’t just filthy lucre. It sounds like your best bet is to phone up and shout at them: it’s unlikely to change the price of fish but it might make you feel better
 
10 calls today, only one genuine.

I use BA quite a lot, mainly to travel to Russia, and I have seen a deterioration in service. Enough is enough from BA. Basically I want BA to recognise me as a good customer and this includes keeping my financial data safe.
BA service has definitely been going down the tubes over the last 2 years. No free drinks/ snacks etc. (not that those were the only differentiators but still) in econ class, while keeping high prices in euro traveller means I try and use any airline which does it cheaply or efficiently now, whereas before I might have stuck with them. I only fly with them if the cost is reasonable or works for my schedule. I was a BA Gold/ Silver with them for a while before letting it go down to bronze now as I don't care. End of rant.

I don't have any concrete advice apart from maybe doing some more online research to see what else is out there with regards to comp. Or contacting the BA cust.service line and speaking with them. Maybe get some Avios/ vouchers for future flights?
 
I did transfer some money into the savings account, but I am back home now. New card was waiting for me.

Mainly I am angry with BA. I would appreciate any information about things like class action law suits, any form of legal redress. Compensation is a secondary issue, but it seems like the only way to get a company to take anything seriously.

All we have had so far is apologies and "contact your bank" so also I would like information about the situation.
Mrs Effendi is also affected by the situation. She is in the UK at the moment having flown over with a BA partner and flying back tomorrow with BA. She received the email around the time she arrived in the UK and is going to rant at people next week. First thing she needs to find out is: Were her debit card details passed over to BA along with her personal details.

She used the politer lady version of "pissing in the wind" when having to deal with this as with their terms and conditions you probably sign away certain rights when booking a flight ticket. Although you cannot effectively sign away rights, that is the first argument to be overcome before you get onto compensation for the inconvenience, loss of amenity, worry and stress.

I'll let you know how her's goes.
 
Write to the BA Data Protection Officer here: Data Protection Officer, British Airways Plc, Waterside (HCB3), PO Box 365, Harmondsworth, UB7 0GB, England.

Say that you are complaining to them in the first instance as they are the Data Controller but ask them to forward your letter to their complaints team if that is the most appropriate team.

Itemise the time lost and present inconvenience caused; ask them to respond with a suitable compensatory offer or a goodwill gesture of some sort in respect of future flights. Say that if the matter is not resolved to your satisfaction, you will complain to the office of the Information Commissioner (Edit: it's highly likely that BA will already have referred themselves to the ICO because of the size of the breach but the ICO should be able to add you as a complainant in that matter).
 
Apparently Mrs Effendi bought $350 worth of tools from this place about an hour ago - not that she is paying for them, so they better hope they have not despatched them.

====> Contact Us

Bugger, eh. Apparently sorting out the affected card was on the list of things to do this afternoon.
 
Last edited:
Write to the BA Data Protection Officer here: Data Protection Officer, British Airways Plc, Waterside (HCB3), PO Box 365, Harmondsworth, UB7 0GB, England.
You should definitely write. In fact you should cast your net a bit wider. Consider writing to The Times. The airline industry is learning from this incident. Other airlines are definitely not pi$$ing themselves laughing at BA's misfortune.


Sir Richard Branson last week. Sitting on the bog and reading the news about BA on his iPhone
The serial IT feck ups at BA and other formerly nationalised industries are due to a long term failure to control costs. Margains are razor thin. Ryanair don't even allow staff to recharge their phones at work. Meanwhile I'm told BA pay some of their cabin crew more than Ryanair pay their Captains. Not to mention they're competing against state subsidised airlines like Emirates on long haul routes.

They need to look for swingeing cuts elsewhere. Hence on a BA business class flight to the Dark Continent costing over £3,000 the cabin steward told the passengers that they couldn't have more than one bottle of water each. Tough sh1t if you're thirsty. You can top up your empty bottle up in the toilet.

British Airways, British Telecom, Royal Bank of Scotland, TSB. All of them endured catastrophic computer failures after outsourcing their IT work to India. Plenty of decent programmers in India but outsourcers tend to go for the very cheapest available.

With the ink still wet on their degree certificates, a passing knowledge of MS Windows and an unshakeable belief that UNIX are blokes who have had their willys cut off, these fine fellows are world class experts in hiding how inexperienced they are. The can join any company and do a reverse Midas. Everything they touch turns to sh1t.

Mariner's advice:-

Get yourself a prepaid card for use on the Internet. Keep a small amount of credit on it to buy pizzas, porn and DVDs on line. If your details are compromised, transfer the credit balance out of your card so there's nothing to steal.

Don't allow any web site to store your debit card details "for convenience" or any other reason. That's like meeting a stranger in the swimming pool and giving him your wallet to look after while you are swimming. If they get your debit card number they can empty your bank account. I know one company that's a household name and that illegally sends tera bytes of customer data outside the EU to be processed wherever is cheapest. The company has 25 million customers in Europe. It's a matter of time before they have their bank accounts emptied.

Think about using a password service like LastPass. You can store anything in it from card details to your most humiliating posts on arrse. It has a web interface but your data is stored locally and heavily encrypted. It can fill a web site with details of your prepay credit card with a couple of clicks. No need to type everything out every time you order a pizza.

Get an authenticator like a Yubikey. This plugs in to a USB port and enables two factor authentication on web sites like LastPass, Google and many others. Hackers would need your password and your authenticator to access your accounts.

Time and again the corporate cowboys at even the largest companies have proved that they can't be trusted with our data. They'll play fast and loose with our darkest secrets because it will save them money and it's the credit card companies that are liable for losses anyway. Worst case, the maximum penalty for breaching the data protection act is half a million quid.
 

Wordsmith

LE
Book Reviewer
Write to the BA Data Protection Officer here: Data Protection Officer, British Airways Plc, Waterside (HCB3), PO Box 365, Harmondsworth, UB7 0GB, England.

Say that you are complaining to them in the first instance as they are the Data Controller but ask them to forward your letter to their complaints team if that is the most appropriate team.

Itemise the time lost and present inconvenience caused; ask them to respond with a suitable compensatory offer or a goodwill gesture of some sort in respect of future flights. Say that if the matter is not resolved to your satisfaction, you will complain to the office of the Information Commissioner (Edit: it's highly likely that BA will already have referred themselves to the ICO because of the size of the breach but the ICO should be able to add you as a complainant in that matter).
ICO complaints here.

Make a complaint

Under GDPR, BA can be fined up to 4% of turnover. Not something that can be laughed off.

Wordsmith
 

mercurydancer

LE
Book Reviewer
Thanks for the advice and addresses to write to.

Tried to book trains today and there is a block on all phone and internet bookings, which is a major embuggeration. I do have a credit card which I loathe using but at least I can book the trains.
 
You should definitely write. In fact you should cast your net a bit wider. Consider writing to The Times. The airline industry is learning from this incident. Other airlines are definitely not pi$$ing themselves laughing at BA's misfortune.


Sir Richard Branson last week. Sitting on the bog and reading the news about BA on his iPhone
The serial IT feck ups at BA and other formerly nationalised industries are due to a long term failure to control costs. Margains are razor thin. Ryanair don't even allow staff to recharge their phones at work. Meanwhile I'm told BA pay some of their cabin crew more than Ryanair pay their Captains. Not to mention they're competing against state subsidised airlines like Emirates on long haul routes.

They need to look for swingeing cuts elsewhere. Hence on a BA business class flight to the Dark Continent costing over £3,000 the cabin steward told the passengers that they couldn't have more than one bottle of water each. Tough sh1t if you're thirsty. You can top up your empty bottle up in the toilet.

British Airways, British Telecom, Royal Bank of Scotland, TSB. All of them endured catastrophic computer failures after outsourcing their IT work to India. Plenty of decent programmers in India but outsourcers tend to go for the very cheapest available.

With the ink still wet on their degree certificates, a passing knowledge of MS Windows and an unshakeable belief that UNIX are blokes who have had their willys cut off, these fine fellows are world class experts in hiding how inexperienced they are. The can join any company and do a reverse Midas. Everything they touch turns to sh1t.

Mariner's advice:-

Get yourself a prepaid card for use on the Internet. Keep a small amount of credit on it to buy pizzas, porn and DVDs on line. If your details are compromised, transfer the credit balance out of your card so there's nothing to steal.

Don't allow any web site to store your debit card details "for convenience" or any other reason. That's like meeting a stranger in the swimming pool and giving him your wallet to look after while you are swimming. If they get your debit card number they can empty your bank account. I know one company that's a household name and that illegally sends tera bytes of customer data outside the EU to be processed wherever is cheapest. The company has 25 million customers in Europe. It's a matter of time before they have their bank accounts emptied.

Think about using a password service like LastPass. You can store anything in it from card details to your most humiliating posts on arrse. It has a web interface but your data is stored locally and heavily encrypted. It can fill a web site with details of your prepay credit card with a couple of clicks. No need to type everything out every time you order a pizza.

Get an authenticator like a Yubikey. This plugs in to a USB port and enables two factor authentication on web sites like LastPass, Google and many others. Hackers would need your password and your authenticator to access your accounts.

Time and again the corporate cowboys at even the largest companies have proved that they can't be trusted with our data. They'll play fast and loose with our darkest secrets because it will save them money and it's the credit card companies that are liable for losses anyway. Worst case, the maximum penalty for breaching the data protection act is half a million quid.
Christ, that's a worrying post, albeit a very helpful one. I have removed my saved card details from a few (major companies') Web sites. I had assumed that size/reputation meant a degree of safety but that error is now corrected.
Thanks for the advice.
 

Latest Threads

Top