Maximise your Avios, air miles and hotel points

British Airways admits massive data breach including theft of credit card numbers

Links on Head for Points may support the site by paying a commission.  See here for all partner links.

Friday 1pm update:  Various reports in our comments and elsewhere suggest that – despite BA statements – people who have booked via telephone and with BA Holidays are receiving emails saying their details are compromised.  There are also other people like myself who made redemption bookings who have not received any email.  It is probably best to assume that any transaction you’ve made which led to a BA credit card charge is likely to be at risk

Friday 12.30pm update:  IAG’s share price is down 3.6% so far today as investors worry about compensation payments and the impact on future bookings.  The overall market is only down 1.0%.

Friday 11.30am update:  It is worth noting that now says “The personal and financial details of customers making or changing bookings on and the airline’s mobile app were compromised.”  This means that you might be affected even if you did not purchase a ticket during this period.

The official page with more information is here.

Friday 10am update:  I get two paragraphs in the Daily Telegraph today, both website and newspaper – see here.  The Alex Cruz interview on Radio 4 this morning confirms that the following data has been stolen:

  • email address
  • postal address
  • credit card number
  • expiration data
  • CVV

Your frequent flyer and passport data has not been impacted as that is not transmitted during the payment process.

On the upside, there is no sign of the vest yet:

I just realised that I have not received the BA email, even though I made a redemption booking on 3rd September.  Whilst this was an Avios booking, I paid taxes on a credit card and the payment process is the same as for a cash booking.

Friday 9.30am update:  BA appears to be in breach of ICO guidelines in its email to affected customers.  To quote from the ICO website:

“You need to describe, in clear and plain language, the nature of the personal data breach and, at least:

  • the name and contact details of your data protection officer (if your organisation has one) or other contact point where more information can be obtained;
  • a description of the likely consequences of the personal data breach; and
  • a description of the measures taken, or proposed to be taken, to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects.”

Friday 9am update:  This breach is ONLY related to transactions made online at, not or BA Holidays it seems. This implies that BA may not have been encrypting payment details when they were sent to their payment processor and someone was picking them up on the way. You are at NO risk if you have a credit card stored at but did not make a purchase during this 2-week period.

Friday 8am update: It now appears that 380,000 transactions have been compromised.  You should have received an email overnight if you are included. There are no reports so far of card fraud linked to the breach and credit card companies are NOT replacing cards automatically. If you are nervous, you can report your Amex card as ‘lost’ via the website and it will be replaced.

The following press release just turned up from British Airways five minutes ago, for your information:


September 06, 2018

“British Airways is investigating, as a matter of urgency, the theft of customer data from its website, and the airline’s mobile app. The stolen data did not include travel or passport details.

From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on and the airline’s app were compromised.

The breach has been resolved and our website is working normally.

British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice.

We have notified the police and relevant authorities.

Alex Cruz, British Airways’ Chairman and Chief Executive said “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”

British Airways will provide further updates when appropriate.”

Coming just a week after the high profile launch of the September sale – bookings for which have been caught up in this – the timing could not be worse.

I feel a bit sorry for British Airways at the moment.  They have spent the last year reversing the cut-backs of 2016 (the changes to Club Europe catering on the 12th are almost the final piece of the jigsaw) but there is no sign of public perception improving.  Good news, of course, makes for less interesting press coverage than bad news, which is why coming back from bad publicity is always hard.

Following on from the IT outage from last year, this theft is likely to raise more questions about the decision to move much of BA’s IT infrastructure to India.  Whatever money it saved will be peanuts compared to the costs of dealing with this breach.

And, given that I made a couple of redemptions last week, it looks like I’m going to need a new British Airways American Express card ….

The official BA web page discussing the leak and what you should do is here.

How to earn Avios from UK credit cards

How to earn Avios from UK credit cards (April 2024)

As a reminder, there are various ways of earning Avios points from UK credit cards.  Many cards also have generous sign-up bonuses!

In February 2022, Barclaycard launched two exciting new Barclaycard Avios Mastercard cards with a bonus of up to 25,000 Avios. You can apply here.

You qualify for the bonus on these cards even if you have a British Airways American Express card:

Barclaycard Avios Plus card

Barclaycard Avios Plus Mastercard

Get 25,000 Avios for signing up and an upgrade voucher at £10,000 Read our full review

Barclaycard Avios card

Barclaycard Avios Mastercard

5,000 Avios for signing up and an upgrade voucher at £20,000 Read our full review

There are two official British Airways American Express cards with attractive sign-up bonuses:

British Airways American Express Premium Plus

25,000 Avios and the famous annual 2-4-1 voucher Read our full review

British Airways American Express

5,000 Avios for signing up and an Economy 2-4-1 voucher for spending £15,000 Read our full review

You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points. These points convert at 1:1 into Avios.

American Express Preferred Rewards Gold

Your best beginner’s card – 20,000 points, FREE for a year & four airport lounge passes Read our full review

The Platinum Card from American Express

40,000 bonus points and a huge range of valuable benefits – for a fee Read our full review

Run your own business?

We recommend Capital on Tap for limited companies. You earn 1 Avios per £1 which is impressive for a Visa card, along with a sign-up bonus worth 10,500 Avios.

Capital on Tap Business Rewards Visa

Huge 30,000 points bonus until 12th May 2024 Read our full review

You should also consider the British Airways Accelerating Business credit card. This is open to sole traders as well as limited companies and has a 30,000 Avios sign-up bonus.

British Airways Accelerating Business American Express

30,000 Avios sign-up bonus – plus annual bonuses of up to 30,000 Avios Read our full review

There are also generous bonuses on the two American Express Business cards, with the points converting at 1:1 into Avios. These cards are open to sole traders as well as limited companies.

American Express Business Platinum

40,000 points sign-up bonus and an annual £200 Amex Travel credit Read our full review

American Express Business Gold

20,000 points sign-up bonus and FREE for a year Read our full review

Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.

Comments (266)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • Richard says:

    Surely most HfP readers would have closed and churned the card used by now anyway!

  • Dwb1873 says:

    How confident are you Rob that your own third party content providers are secure?

    I know you don’t take card details but the premise – that any part of the page content not directly under your control can lead to data being lost – is valid.

    Card processors, adverts, analytics – anything somewhere else.

  • Delbert says:

    Got up to an email from BA this morning about my account being compromised and get home this evening to a letter from another company stating that my account had been compromised. LOL.

  • Jimbob says:

    Couple of fraudulent spends, and you get that Amex welcome bonus that little bit quicker!
    Every cloud………

  • Graham Walsh says:

    I had my new Virgin CC on the BA site as I’m hitting those targets. Received this earlier

    Your new card

    Dear Graham

    We’re getting in touch to let you know that we are sending you a new Virgin Atlantic Credit Card.

    You may be aware that British Airways recently reported a data breach. We have identified that you may have used this site and therefore you could have been affected.

    Sending you a new card ahead of your normal card expiry date is an added precaution to protect your account from any potential fraudulent activity. Rest assured your account remains safe and you are not liable for any fraudulent transactions, just let us know if you see anything unusual on your statements.

    If you would like more information from British Airways, you can find it here.

    What do I need to do next?

    Your new Virgin Atlantic Credit Card will arrive in the next 7-10 days, you should:
    Activate your new card in Online Service straightaway.
    Sign your new card as soon as you receive it.
    Destroy your old card.
    As your new card will have a different number, make sure you change any card payments you have set up (e.g. online subscriptions) to the new card number.
    Your existing Credit Card will stop working in 14 days’ time or once you have activated your new one, so please switch over to the new one as soon as you receive it. Your PIN will remain the same.

    If you have already contacted us about this then please be assured your new card will be with you within 7-10 days and you can follow the steps above to start using your new card.

    Yours sincerely

    The Virgin Atlantic Credit Card Team

This article is closed to new comments. Feel free to ask your question in the HfP forums.

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.