
British Airways discloses massive new credit card data breach covering Avios redemption flights


The British Airways data breach saga, which first emerged in early September, has taken another painful turn for the airline.

British Airways disclosed on Thursday afternoon that a further 185,000 payment cards had potentially been compromised.

These cards had all been used to pay for Avios redemptions between 21st April and 28th July.

Only online bookings at ba.com were impacted.  Redemptions made via the British Airways app or call centre are safe.

Note that ALL forms of Avios redemption appear to be impacted.  You are included if you used Avios to part-pay for a car rental or hotel booking, according to BA.

It is important to note that this is 185,000 ADDITIONAL payment cards which are affected.  British Airways seems to have massaged the headline figure by stripping out cards which were also caught up in the first data breach.

The full statement is here.

The latest disclosure is broken down as follows:

77,000 payment cards have had their name, billing address, email address, payment number, expiry and CVV potentially compromised

108,000 payment cards have been similarly compromised but without the CVV number

You will receive an email during Friday if you are impacted.  According to BA:

“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.”

On the upside, further investigation by British Airways into the original data breach last month has found that ‘only’ 244,000 payment cards have been compromised compared with the 380,000 figure originally claimed.

And, of course, Cathay Pacific revealed on Thursday that a whopping 9.4m sets of personal records had been unlawfully accessed.  This includes credit card data.

In some ways, this breach could be worse for BA than the original.  185,000 people represents a high percentage of the active British Airways Executive Club base.  The original breach will have caught up a lot of ‘once a year’ flyers whilst this one will be impacting people like us who make up a disproportionate part of BA revenue.  Anyone who has already sat through the 2017 weekend IT failure and the recent failures of the new FLY check-in system will probably have had enough by now.

You can find the latest BA statement on this latest breach here.

PS.  Having now seen the British Airways email, the heading “Update on Theft of Customer Data” is hugely misleading in my opinion and may lead to the email being deleted unread.



Comments (245)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • Shoestring says:

    O/T reminder that Nectar Swipe & Win is back on @Sainsbury, today & the weekend. This guy did OK: [‘2 X 2000, 2 X 1000, 2 X 500 AND 1 X 200 for filling up the first car’] – assuming a £70 fill up (ie 7x £10 seems logical), that’d be quite a good bit of change!

    Points are valued between 0.5p and 1p depending on whether you’re happy to shop at Sainsbury! So he got back £31-£62 in points!

    • BJ says:

      Surprised this was not on Shopperpoints today. Did not do so well this year, 3×500 and 1×200 on £40. Heading to the hills tomorrow so hopefully do better on refills on Sunday.

      Reminder: There is 1000 nectar points each on LNER and Virgin Trains for those who received the offer.

    • Craig says:

      5600 total in just over £100. Don’t forget you have to shop to redeem this time and the self service tills didn’t like same day vouchers. It took a while but 25% discount which I can hopefully double up will be a good return.

  • Jordie says:

    Double whammy for me with two different amex cards. Not happy that my personal details have been obtained.

  • marcw says:

    I’m not sure why everyone makes a big fuss about this. It’s so easy to cancel and get a new card – it’s not like sensitive/important information.

    • Russ says:

      People are concerned not only about the card but now someone with ill intent may know when you’re abroad.

      • marcw says:

        They don’t know that. Anyway there are easier ways to know whether you are at home or not. 🙂

        • Brian W says:

          They didn’t know where my home was until BA let them find out!

        • marcw says:

          Are you certain about that Brain W?

        • Callum says:

          Why do you think anyone wants to know where you live? Seems like a lot of unnecessary hassle when if they wanted to steal stuff they could just go to any house.

    • Rob says:

      I have a number of HFP services charged directly to a credit card and when it expired recently it was a major pain to change it all over.

      • marcw says:

        AFAIK this has nothing to do with this. Your cards just expired 😉 Go cry somewhere else!

    • Brian W says:

      My name, address, post code and email address are important, especially when used together.

      Can I cancel them easily and get new ones? Nope, didn’t think so………..stupid comment.

      • marcw says:

        If you are so concerned. Quit Amex, or whichever card you used.

        • Brian W says:

          What’s Amex got to do with my name, address and email being stolen? They remain the same regardless of any credit card I hold. This data can be used in the future for many things despite my Amex being cancelled or number changed.

          I had fraudulent charges on my BAPP in September when the first breach was announced and my card was cancelled and charges removed easily. Process was simple and what many of us have come to expect of Amex. I’ve had the second email too which I know relates to my Platinum. Fraudulent transactions on a card are not the worry, especially if it’s an Amex card.

          BA allowed other personal data to be harvested as well. You don’t seem to be capable of grasping this. If I ‘quit’ Amex, as you suggest, are BA or Amex going to foot the bill for me to move address and have my name changed?

          Your comment is stupid marcw

        • Nick says:

          Or quit money, and rely on a barter economy instead. Theft of personal data is less of an issue if you just pay for your flights in bacon and wheat.

        • marcw says:

          No one really gives a f*ck where you live. The hackers only care about money. So does IAG: “where’s the f*cking money!”

        • Brian W says:

          The ones that walk into UK retailers such as Burton, Topshop, Dorothy Perkins where they offer a discount on goods if you take out their store card at the till, they care.

          The poor sods that then end up with the bill for the goods they walked out with and end up with the bill a few weeks down the line, they also care.

          Have a search online marcw, you can apply for a lot online with just a name and address and that then leads to the money you’re on about.

          Happy to agree about IHG though.

        • Callum says:

          You do realise name and address are fairly public? Everyone used to have it published in a big book distributed to all for free!

          Most people will also be on the open electoral register with their name and address available for anyone to just walk in and view.

          You’re being hysterical.

    • MD says:

      Not the sharpest spoon in the knife drawer, are you? Do you know what identity fraud is?

    • Lady London says:

      And your name, date of birth, address, past spending on flights etc will all be changed by getting a new card? That information can all be used for frauds that have nothing to do with cards.

      The problem is under English law you actually have to prove a loss or injury was caused by a specific thing such as British Airways’s lack of care. Once your personal data is left able to be accessed by, say, British Airways, it can easily be another 18 months or even much longer and it could still be being used for fraud. Depending on the fraud it may be very hard for you to prove it was a direct consequence of the negligence of say, this particular negligence or whatever it was that happened on this incident at British Airways. Maybe a monster fine is the only way of society charging British Airways for this. Since all the incidents of loss caused by this are most likely to be impossible to trace back.

      A very long time ago when my cash machine card was stolen my bank told me attempts were still being made to use it 18 months to 2 years later. How much easier it must be to just use someone’s personal data now and keep using it. That is why this matters.

    • Nick says:

      Clearly someone totally clueless about identity fraud and how fraudsters work. 🙂

  • Alan says:

    My spend was on my IHG card – received an email and text from Creation today confirming they were aware of the breach and monitoring things, no specific action required at present.

    • Shoestring says:

      A lot of hackers do it for the hell of it. I’m hoping so in this case, ie nobody has actually lost any money through the hack yet (or so we are told). And we’re not actually being advised to change all our passwords just yet.

      Tried one of my regular passwords in that you’ve been pawned site and so far so good (yep I know my password policy is poor, thanks, no need to bash me on the head)

    • Nick says:

      Ditto, but after I cancelled my current IHG card and got it replaced, as suggested by the person I spoke with at Creation yesterday. Personally I feel more comfortable doing that anyway.

  • KelvinB says:

    Seemingly I meet the criteria but I have heard nothing from BA – how can I be certain I am unaffected? Surely they would know when I booked my reward flight and should email me to confirm I’m not affected – no news is not necessarily good news!

  • Anna says:

    Why is it only reward transactions which were compromised? I would have thought the system for card payments would be the same regardless of whether you were using avios or just money.

    • RussellH says:

      I would guess that BA use a separate part of their system for rewards transactions.

      I have experienced significant differences in the behaviour of transactions when buying investment funds for cash cf. for ‘loyalty bonuses’. Even though the actual screens looked identical, the software underneath behaved quite differently.

  • Ian M says:

    Really really poor from BA! I’ve just read this and realised I saw an email on Thursday evening which I deleted. The title as you say was “Update on Theft of Customer Data”. I deleted without reading as I knew I wasn’t affected by the data breach. I’ve just gone into my deleted folder and pulled it out. BA have clearly deliberately used that subject of the email to go under the radar. How low can they go!?!

  • James says:

    I agree that the headline is incredibly misleading. I was not part of the original group but my data was part of this second wave. It is not until you get to the third paragraph of the email that you see the phrase “it is possible your personal data may have been compromised” loosely thrown in.

    I was particularly annoyed by the start of the paragraph that followed (“We are very sorry that this criminal activity has occurred.”) and by Cruz’s sign-off (“Once again, we truly apologise for any worry and inconvenience this criminal activity has caused”); British Airways’ failure to accept its own part in this mess is insulting. British Airways should instead be sorry that (a) British Airways did not have an adequate IT security policy; (b) British Airways did not have adequate third party vendor review processes; (c) British Airways did not have adequate systems and procedures in place or sufficient management oversight to detect weaknesses in its security sooner; and (d) British Airways’ leadership has not sufficiently emphasized the importance of data security to create a culture which values customers and their data such that the risks were better mitigated.

    That the latest news, which highlights the impact of his leadership decisions on BA’s most loyal customers (again), should serve to remind the board of Cruz’s complete disregard for the long-term brand value and prospects of the company and should lead them to question – yet again – whether his time is up.

    • Ian M says:

      Couldn’t agree more

    • Alan says:

      Totally agree.

    • Callum says:

      It shouldn’t given, as has been shown time and time and time again, the people incessantly whining about Cruz aren’t particularly representative of BA’s customer base.

      People have been whining about the damage caused to BA by X, Y and Z for years and years on this site, yet year by year, passenger numbers increase and profit increases.

      • James says:

        I might not be representative of their customer base across the board, but I do fly in CW or F from London to New York at least twice a month, which means that I (and I suspect many other readers of this website who incessantly whine) contribute disproportionately to the profitable part of their operations. I have put up with BA’s lack of investment in its seats and service for a long time because I am so invested in BAEC, but with each problem my loyalty is slowly eroded. Last quarter I started taking every other flight with Delta/Virgin and suspect I will gradually shift my loyalty entirely. What you fail to realize is that BA’s most (and possibly only) profitable customers notice each and every one of the “X, Y and Z” issues and while each one may not be enough to cause them to move allegiance, cumulatively the damage could be catastrophic. Cruz’s mistaken focus means that short term profit growth to placate short term investors could result in the long term dissolution of BA’s profitable loyal customers. Loyalty is hard-won and easily lost.

        • Callum says:

          I don’t care what your travel patterns are, your attitude is what isn’t representative. Every single time someone like you pops up to say “this might not make a difference but it will add up and that will eventually” yet that time never comes.

          You also don’t have the slightest idea what Cruz does, so I have no idea why you feel you are more informed about his performance than his bosses are. How arrogant can you get!
