Maximise your Avios, air miles and hotel points

British Airways discloses massive new credit card data breach covering Avios redemption flights

Links on Head for Points may support the site by paying a commission.  See here for all partner links.

The British Airways data breach saga, which first emerged in early September, has taken another painful turn for the airline.

British Airways disclosed on Thursday afternoon that a further 185,000 payment cards had potentially been compromised.

These cards had all been used to pay for Avios redemptions between 21st April and 28th July.

Only online bookings at ba.com were impacted.  Redemptions made via the British Airways app or call centre are safe.

Note that ALL forms of Avios redemption appear to be impacted.  You are included if you used Avios to part-pay for a car rental or hotel booking, according to BA.

It is important to note that this is 185,000 ADDITIONAL payment cards which are affected.  British Airways seems to have massaged the headline figure by stripping out cards which were also caught up in the first data breach.

The full statement is here.

The latest disclosure is broken down as follows:

77,000 payment cards have had their name, billing address, email address, payment number, expiry and CVV potentially compromised

108,000 payment cards have been similarly compromised but without the CVV number

You will receive an email during Friday if you are impacted.  According to BA:

“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.”

On the upside, further investigation by British Airways into the original data breach last month has found that ‘only’ 244,000 payment cards have been compromised compared with the 380,000 figure originally claimed.

And, of course, Cathay Pacific revealed on Thursday that a whopping 9.4m sets of personal records had been unlawfully accessed.  This includes credit card data.

In some ways, this breach could be worse for BA than the original.  185,000 people represents a high percentage of the active British Airways Executive Club base.  The original breach will have caught up a lot of ‘once a year’ flyers whilst this one will be impacting people like us who make up a disproportionate part of BA revenue.  Anyone who has already sat through the 2017 weekend IT failure and the recent failures of the new FLY check-in system will probably have had enough by now.

You can find the latest BA statement on this latest breach here.

PS.  Having now seen the British Airways email, the heading “Update on Theft of Customer Data” is hugely misleading in my opinion and may lead to the email being deleted unread.

PS. If you are not a regular Head for Points visitor, why not sign up for our FREE weekly or daily newsletters? They are full of the latest Avios, airline, hotel and credit card points news and will help you travel better. To join our 65,000 free subscribers, click the button below or visit this page of the site to find out more. Thank you.

How to earn Avios from UK credit cards

How to earn Avios from UK credit cards (April 2025)

As a reminder, there are various ways of earning Avios points from UK credit cards.  Many cards also have generous sign-up bonuses!

In February 2022, Barclaycard launched two exciting new Barclaycard Avios Mastercard cards with a bonus of up to 25,000 Avios. You can apply here.

You qualify for the bonus on these cards even if you have a British Airways American Express card:

Barclaycard Avios Plus card

Barclaycard Avios Plus Mastercard

Get 25,000 Avios for signing up and an upgrade voucher at £10,000 Read our full review

Barclaycard Avios card

Barclaycard Avios Mastercard

Get 5,000 Avios for signing up and an upgrade voucher at £20,000 Read our full review

There are two official British Airways American Express cards with attractive sign-up bonuses:

British Airways American Express Premium Plus

30,000 Avios and the famous annual 2-4-1 voucher Read our full review

British Airways American Express

5,000 Avios for signing up and an Economy 2-4-1 voucher for spending £15,000 Read our full review

You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points. These points convert at 1:1 into Avios.

SPECIAL OFFER: Until 27th May 2025, the sign-up bonus on the ‘free for a year’ American Express Preferred Rewards Gold card is increased from 20,000 Membership Rewards points to 30,000 points. Points convert 1:1 into Avios (30,000 Avios!) and many other programmes. Some people may see even higher personalised offers. Click here to apply.

SPECIAL OFFER: Until 27th May 2025, the sign-up bonus on American Express Platinum is increased from 50,000 Membership Rewards points to a huge 80,000 points. Points convert 1:1 into Avios (80,000 Avios!) and many other programmes. Some people may see even higher personalised offers. Click here to apply.

American Express Preferred Rewards Gold

Your best beginner’s card – 30,000 points, FREE for a year & four airport lounge passes Read our full review

The Platinum Card from American Express

80,000 bonus points and great travel benefits – for a large fee Read our full review

Run your own business?

We recommend Capital on Tap for limited companies. You earn 1 Avios per £1 which is impressive for a Visa card, and the standard card is FREE. Capital on Tap cards also have no FX fees.

Capital on Tap Visa

NO annual fee, NO FX fees and points worth 1 Avios per £1 Read our full review

Capital on Tap Pro Visa

10,500 points (=10,500 Avios) plus good benefits Read our full review

There is also a British Airways American Express card for small businesses:

British Airways American Express Accelerating Business

30,000 Avios sign-up bonus – plus annual bonuses of up to 30,000 Avios Read our full review

There are also generous bonuses on the two American Express Business cards, with the points converting at 1:1 into Avios. These cards are open to sole traders as well as limited companies.

American Express Business Platinum

50,000 points when you sign-up and an annual £200 Amex Travel credit Read our full review

American Express Business Gold

20,000 points sign-up bonus and FREE for a year Read our full review

Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.

Category

British Airways and Avios

Comments (245)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • whiskerxx says:
    26 Oct26 October 00:06

    mmm…
    have received an email from BA advising my card details could have been compromised, including the CVV.
    The card details provided by BA are for a card linked to Curve. It was the Curve card I actually used for payment.
    Curve have already reissued my card following the previous announcement of a breach, even though I didn’t request it, and even though any BA transactions I had made using it were, at that time, outside of the previous window given by BA.

  • Oli says:
    26 Oct26 October 00:14

    “Was my data stored on ba.com?

    There are a number of ongoing investigations, including a criminal investigation led by the National Crime Agency. It therefore would not be appropriate to comment at this time.”

    Or in other words: “Yes.”

  • geoffthesaint says:
    26 Oct26 October 00:31

    Atleast we know what sparked the ‘generous’ spend a fiver anywhere to recieve 500 avios offer.

    BA worried people are not using their cards because of the risks…

  • Ted says:
    26 Oct26 October 00:36

    I received an email from Experian on July 29th, telling me my details (email, cards, address etc) had been found online and were being sold. I was told I should change passwords for pretty much everything and to keep an eye on my accounts.

    Today I receive the Amex, then BA emails telling me my details were breached. I’ll need to look back through everything, as I don’t really keep a close eye on what goes out. I presume I’ll also now need to be vigilant for any finance taken out in my name?

    It’s quite irritating. I have issues with remembering passwords as it is, without having to change them again and now left wondering when some crook might stuff me with a few bills

    • Ted says:
      26 Oct26 October 01:23

      Thank you, Hugh. I’ll have a look at those in the morning.

    • Shoestring says:
      26 Oct26 October 06:05

      Hugh – not sure 1password is a very good password.

      Bit obvious if you ask me.

    • Aeronaut says:
      26 Oct26 October 09:47

      Which password manager do people find is the best / easiest to use? (Ideally one that works across Windows, Mac, iOS and Android devices.)

      • Neil Spellings says:
        26 Oct26 October 12:05

        I use LastPass – you have to pay for the premium version for Android but it’s worth it for not having to remember a password and ensuring that each site uses a different complex one.

  • Callum says:
    26 Oct26 October 03:27

    This is going to happen continuously with multiple companies indefinitely.

    The people overly upset about this should really stop using credit/debit cards anywhere. Perhaps get something like Revolut you can tip up every time you want to use it.

    • Erico1875 says:
      26 Oct26 October 06:12

      I agree. They can put all the new security in but criminals will break it. Safecrackers

    • Mark says:
      26 Oct26 October 10:39

      That kind of attitude is part of the problem though. Of course there is no shortage of people out there who will take advantage of any security vulnerabilities. Unfortunately that’s part of the modern world.

      However the onus is very much on companies, particularly major online retailers such as BA, to ensure that their systems are properly designed, implemented, tested and maintained to guard against the risks. The history in this case strongly indicates that’s not happened.

      There’s a reason why fraudsters tend to hit online retailers and not the banks and card issuers directly. The banks realise that security failings could well have a fatal impact on their business. Online retailers and other sites that hold personal data need to start thinking the same way if they aren’t already.

  • Craig says:
    26 Oct26 October 03:38

    Just back from a ‘quick’ Tenerife and back to the news that I’m also now one of the chosen many! Being pragmatic, the fact that BA and Amex are proactively taking responsibility for the howler and that the password I use on those sites isn’t the same as any other leave me mostly unconcerned. I check my accounts most days, if I see something untoward then I’ll make the call and dare them to say it’s my fault. Don’t get me wrong, I fully understand peoples concerns and I’m not being totally blasé, just take basic precautions and ‘trust’ the large corporations to sort out their own FU’s.

  • Seat54 says:
    26 Oct26 October 05:40

    I too am on the sinking ship.

    Is it only the card used for the booking or is it any cards on the account, it says if you made a booking it does not say specifically whether it’s the card used or the cards on the account..

    Also from the BA site I wonder why this only says AMEX……what about other cards………

    Will I be liable for any fraudulent activity?

    American Express Cardmembers are not liable for any fraudulent charges on their credit cards.

    • Hugh says:
      26 Oct26 October 06:21

      I suspect everybody else, once they spoke/speak to their Visa/Mastercard companies, have had their cards changed!

      AMEX have from day 1 of this current debacle, gone down the route of saying we’re monitoring your account, no need for new card numbers

  • hingeless says:
    26 Oct26 October 06:26

    It looks like you need a UK phone number to sign up for the experian site, i don’t have one . . .

    hacked off !

    • Alex W says:
      26 Oct26 October 06:37

      Make one up? I pity if anyone ever has the misfortune of actually owning the phone number 07890123456.

      • hingeless says:
        26 Oct26 October 06:40

        BA seems to be assuming all its customers live in the UK. You would think an airline would know better !!

      • Peter K says:
        26 Oct26 October 07:34

        Mrs K had someone else use her mobile number repeatedly and it had been a right royal nuisance for her with unsolicited sales calls etc though her number is on the TPS. Casey Walker, here’s looking daggers at you!!

      • RussellH says:
        26 Oct26 October 11:04

        If a site insists on a mobile number, my partner and I usually use 07000 000000. There is no usable mobile signal in the house, and as neither of us work anymore we are unlikely to have a phone turned on when away from home, unless we are expecting someone to phone us.

        I was asked recently by an intelligent CS person if that really was my mobile number. I explained why I used it. When I explained she laughed, said that she understood the reasoning and that she would leave the number as it stood.

        • Lady London says:
          27 Oct27 October 02:33

          Errr @RussellH they probably asked you about that number, because it’s already in use with me for quite some time.

    • Roger1* says:
      26 Oct26 October 08:33

      hingeless: you could consider using 0333 8888 8888 – that’s 3x 3 and 8x 8.

      The call is answered with a request to contact you by e-mail.

      Also works with 7x 8, I believe: 0333 888 8888.

    • RussellH says:
      26 Oct26 October 10:59

      Try any number starting 01632 – the original, long superseded code for Newcastle/Tyne. These days it is the OFCOM approved dialing code for use in signage in films and TV programmes.

This article is closed to new comments. Feel free to ask your question in the HfP forums.

New to Head for Points?

Welcome!  We’re the UK’s most-read source of business travel, Avios, frequent flyer and hotel loyalty news. Let us improve how you travel. Got any questions? Ask them in our forums.

Get 25,000 Avios with the Barclaycard Avios Plus Mastercard

GET A SIGN-UP BONUS OF 18,000 VIRGIN POINTS!

Latest Forum Posts

Get 80,000 bonus points (worth 80,000 Avios) and £400 of dining credit with The Platinum Card (Offer ends 27th May)

Check reward flight availability instantly for free!

See a whole year of reward seat availability on one page at SeatSpy.com

Get up to 10,000 bonus Hilton Honors points

Booking a luxury hotel?

Our luxury hotel booking service offers you GUARANTEED extra benefits over booking direct. Works with Four Seasons, Mandarin Oriental, The Ritz Carlton, St Regis and more. We've booked £1.7 million of rooms to date. Click for details.

SME? GET THE ONLY FREE SMALL BUSINESS CREDIT CARD WHICH CAN EARN AVIOS

Get points worth 30,000 Avios with 'first year free' American Express Gold (ends 27th May)

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.

Got it!