British Airways discloses massive new credit card data breach covering Avios redemption flights

The British Airways data breach saga, which first emerged in early September, has taken another painful turn for the airline.

British Airways disclosed on Thursday afternoon that a further 185,000 payment cards had potentially been compromised.

These cards had all been used to pay for Avios redemptions between 21st April and 28th July.

Only online bookings at ba.com were impacted.  Redemptions made via the British Airways app or call centre are safe.

Note that ALL forms of Avios redemption appear to be impacted.  You are included if you used Avios to part-pay for a car rental or hotel booking, according to BA.

It is important to note that this is 185,000 ADDITIONAL payment cards which are affected.  British Airways seems to have massaged the headline figure by stripping out cards which were also caught up in the first data breach.

The full statement is here.

The latest disclosure is broken down as follows:

77,000 payment cards have had their name, billing address, email address, payment number, expiry and CVV potentially compromised

108,000 payment cards have been similarly compromised but without the CVV number

You will receive an email during Friday if you are impacted.  According to BA:

“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.”

On the upside, further investigation by British Airways into the original data breach last month has found that ‘only’ 244,000 payment cards have been compromised compared with the 380,000 figure originally claimed.

And, of course, Cathay Pacific revealed on Thursday that a whopping 9.4m sets of personal records had been unlawfully accessed.  This includes credit card data.

In some ways, this breach could be worse for BA than the original.  185,000 people represents a high percentage of the active British Airways Executive Club base.  The original breach will have caught up a lot of ‘once a year’ flyers whilst this one will be impacting people like us who make up a disproportionate part of BA revenue.  Anyone who has already sat through the 2017 weekend IT failure and the recent failures of the new FLY check-in system will probably have had enough by now.

You can find BA's statement on this latest breach here.

PS.  Having now seen the British Airways email, the heading “Update on Theft of Customer Data” is hugely misleading in my opinion and may lead to the email being deleted unread.


Comments (245)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • Matt H says:

    Had the email from Amex. Had already cancelled BA Amex card at end of July due to fraud. Now I know why. They are clearly being dishonest when they say no fraud has been identified. Whilst I can’t prove it was linked I’m very careful and haven’t had issues before. BA are just coming across dishonest and incompetent.

    • Callum says:

      No, you don’t know why.

      And even if you did know for sure it was linked, it doesn’t mean that BA knows it’s linked.

  • Cuchlainn says:

    Confused ??

    1. Email this afternoon from Amex re possible breach via BA on my current PRG Charge Card……
    2. 21.08hrs – email from CRUZ saying my details ( but not my CVV……. figure that out !! ) have been harvested / hacked whilst booking a redemption flight between 21st April and 28th July 2018

    WRONG !!
    1. The only redemption flights I have booked were on OTH’s BAPP Amex. AND
    2. Only booked 2 weeks ago using OTH’s BAPP and 2 x 2for1 BA vouchers ( 1 mine and 1 OTH)

    Seriously think left hand doesn’t know what right hand is doing but trust AMEX many times over BA.

  • Alan says:

    Just had two emails – one for OB redemption, another for BAEC.

    I keep a close eye on card activity, but it’s the leak of all the other personal data too which is unacceptable.

    Not impressed!

  • Ryan says:

    Same as others; got the American Express e-mail and then, after, the BA e-mail. BAPP Card expires at the end of the month but still, not great.

    Never seen my credit report before so that’s something at least.

  • Simon Blackburn says:

    The thing that strikes me is that I’m sure last time the issue was that they got the cvv numbers because they were getting data in transit. This time they haven’t. Just speculation but sounds to me that in investigating breach number one they found this breach which (a) they never noticed before now but (b) inadvertently brought to a close by upgrading / changing something at the end of the period.
    Just makes me wonder over what time period they’ve been having these sorts of issue. And also – this is the sort of thing that you have internal audit/assurance checks for. Where was the testing programme?

    • sunguy says:

      You mean – there is an outsourced IT operation somewhere that actually does testing ???!!!??

      Oooh….I’d love to know who does this…

      Testing, of course, is expensive, needs to be constructed correctly and takes people that know both the system they are testing, along with the outcomes and required performance – it’s what makes a transformation project very expensive to the management…so why bother…if it does what it says it should – why bother testing… (BA, TSB just in the last few months alone!).

      • Simon says:

        A decent audit committee would insist on some sort of testing programme on the work of the outsourced company… I can’t believe they have pushed all assurance up to Group level so would hope there was someone at BA level trying to do this. But obviously not…

    • Genghis says:

      Is that another #expectationsgap example? The first line business should take responsibility for the risks that they’re running. A second line function should then check and test and the whole control framework should be tested by internal audit, the third line.

  • Cal says:

    I got the email as well and I had made a reward booking for an AA flight in that period.

    In late September/early October I had about £900 worth of fraudulent charges but because I didn’t fit in the first BA window I just thought it was unlucky. It did seem a bit odd however as I had really used that card much since my BA purchase… I should have guessed BA weren’t being completely honest.

  • Dave says:

    Received data breach emails from BA and Cathay Pacific less than an hour apart. ‘triffic

  • Hugh says:

    I smell a rat in all this and I’m sure they’ve suspected something else was amiss – Tesco cancelled my credit card and issued a new one for no apparent reason – Tesco said for data security concerns, but was unable to tell me exactly why.

    Now to go through all the palaver of registering with the credit report website – I can see this is going to be another source of trouble as they don’t mention anything on the BA website about this, so this will be a godsend for fraudsters
