Interesting Sunday Times piece on the British Airways data breach and compensation

I have tried to avoid running speculative articles about the British Airways data breach, since few of us can speak with real expert knowledge and even fewer know how the company really operates.

The Sunday Times, however, had a very interesting piece this week which I thought was worth quoting.  They spoke with a consultant called Ben Oguntala who actually worked on fraud prevention at BA’s Waterside head office and who quit after his guidance was ignored.

To quote:

“Oguntala, 44, founder of the card security company Payments & Co, said he was hired to help improve card payment security. But he discovered the airline had failed the international standard for card payments, called the payment card industry (PCI) data security standard, last year. The failure was not reported in the airline’s annual report.

One internal document presented at a BA meeting in April this year states: “British Airways holds a lot of sensitive payment card data. BA are subjected to the international security standard — PCI data security standard.

“By achieving compliance BA are proving to themselves, their customers and their supervisory bodies that BA are suitably protecting payment card data from malicious attack . . . In December 2017, BA failed to achieve PCI compliance.”

The document warned that an outdated system, ArcSight, was being used to store security data relating to card transactions. It is described in the document as “redundant”, “severely undermined” and “prone to failure”. The document is marked IAG GBS, which is the global business services division of BA’s parent company IAG.

Oguntala said he was shocked at the lax security surrounding credit and debit card payments at BA. “The security was woeful,” he said. “There was card data everywhere and there were no proper controls on where it was going and who was getting access.”

Oguntala, who worked for a team that reported to BA’s information security and compliance manager, considered the entire payment system needed to be radically overhauled — with a new security protocol known as tokenisation. He said he left after his advice was rejected.”

As I said above, this is a quote from an article in The Sunday Times and I have not done any additional verification, but it does have a ring of truth to it.

The full article is here but behind a paywall.

The Times suggests £1,250 per head compensation

Will there be any cash compensation for the data breach?

Without wanting to dampen your hopes, I have very little faith that the £475 million legal suit against British Airways, highlighted in The Times yesterday, will go anywhere.

The (ironically named, for those of us in the loyalty sector) firm of SPG Law is apparently planning a class action lawsuit.  SPG Law is part of a large US law group and so has experience in the class action field, although they are rarely seen in the UK.

Apparently I would be due (£475,000,000 divided by 380,000 people) £1,250 for the “inconvenience, distress and misuse” of my private information. 

More accurately – if we look at the figures for the recent US class action lawsuit brought against British Airways for comparison, where the lawyers took 28% of the settlement as their fee – SPG Law would receive £120 million and I would be due £900.

In reality, we don’t know how the courts will interpret the new GDPR rules on fines for data leakage.  British Airways acted promptly and has not sought to hide anything, it seems, so it would expect a substantial discount for good behaviour.

The original story in The Times is here but, again, is behind a paywall.

PS. If you are not a regular Head for Points visitor, why not sign up for our FREE weekly or daily newsletters? They are full of the latest Avios, airline, hotel and credit card points news and will help you travel better. To join our 65,000 free subscribers, click the button below or visit this page of the site to find out more. Thank you.

How to earn Avios from UK credit cards (March 2025)

As a reminder, there are various ways of earning Avios points from UK credit cards.  Many cards also have generous sign-up bonuses!

In February 2022, Barclaycard launched two exciting new Barclaycard Avios Mastercard cards with a bonus of up to 25,000 Avios. You can apply here.

You qualify for the bonus on these cards even if you have a British Airways American Express card:

Barclaycard Avios Plus Mastercard

Get 25,000 Avios for signing up and an upgrade voucher at £10,000 Read our full review

Barclaycard Avios Mastercard

Get 5,000 Avios for signing up and an upgrade voucher at £20,000 Read our full review

There are two official British Airways American Express cards with attractive sign-up bonuses:

British Airways American Express Premium Plus

30,000 Avios and the famous annual 2-4-1 voucher Read our full review

British Airways American Express

5,000 Avios for signing up and an Economy 2-4-1 voucher for spending £15,000 Read our full review

You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points. These points convert at 1:1 into Avios.

SPECIAL OFFER: Until 27th May 2025, the sign-up bonus on the ‘free for a year’ American Express Preferred Rewards Gold card is increased from 20,000 Membership Rewards points to 30,000 points. Points convert 1:1 into Avios (30,000 Avios!) and many other programmes. Some people may see even higher personalised offers. Click here to apply.

SPECIAL OFFER: Until 27th May 2025, the sign-up bonus on American Express Platinum is increased from 50,000 Membership Rewards points to a huge 80,000 points. Points convert 1:1 into Avios (80,000 Avios!) and many other programmes. Some people may see even higher personalised offers. Click here to apply.

American Express Preferred Rewards Gold

Your best beginner’s card – 30,000 points, FREE for a year & four airport lounge passes Read our full review

The Platinum Card from American Express

80,000 bonus points and great travel benefits – for a large fee Read our full review

Run your own business?

We recommend Capital on Tap for limited companies. You earn 1 Avios per £1 which is impressive for a Visa card, and the standard card is FREE. Capital on Tap cards also have no FX fees.

Capital on Tap Visa

NO annual fee, NO FX fees and points worth 1 Avios per £1 Read our full review

Capital on Tap Pro Visa

10,500 points (=10,500 Avios) plus good benefits Read our full review

There is also a British Airways American Express card for small businesses:

British Airways American Express Accelerating Business

30,000 Avios sign-up bonus – plus annual bonuses of up to 30,000 Avios Read our full review

There are also generous bonuses on the two American Express Business cards, with the points converting at 1:1 into Avios. These cards are open to sole traders as well as limited companies.

SPECIAL OFFER: Until 8th April 2025, the sign-up bonus on American Express Business Platinum is increased from 50,000 Membership Rewards points to 120,000 points. You receive 80,000 points when you spend £12,000 within three months and a further 40,000 points if you spend on the card between Month 14 and Month 17. Points convert 1:1 into Avios and many other programmes. Click here to apply.

SPECIAL OFFER: Until 8th April 2025, the sign-up bonus on American Express Business Gold is increased from 20,000 Membership Rewards points to 60,000 points. You receive 40,000 points when you spend £6,000 within three months and a further 20,000 points if you spend on the card between Month 14 and Month 17. Points convert 1:1 into Avios and many other programmes. Click here to apply.

American Express Business Platinum

Up to 120,000 points when you sign-up and an annual £200 Amex Travel credit Read our full review

American Express Business Gold

Up to 60,000 points sign-up bonus and FREE for a year Read our full review

Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.