Maximise your Avios, air miles and hotel points

British Airways discloses massive new credit card data breach covering Avios redemption flights

Links on Head for Points may support the site by paying a commission.  See here for all partner links.

The British Airways data breach saga, which first emerged in early September, has taken another painful turn for the airline.

British Airways disclosed on Thursday afternoon that a further 185,000 payment cards had potentially been compromised.

These cards had all been used to pay for Avios redemptions between 21st April and 28th July.

Only online bookings at ba.com were impacted.  Redemptions made via the British Airways app or call centre are safe.

Note that ALL forms of Avios redemption appear to be impacted.  You are included if you used Avios to part-pay for a car rental or hotel booking, according to BA.

It is important to note that this is 185,000 ADDITIONAL payment cards which are affected.  British Airways seems to have massaged the headline figure by stripping out cards which were also caught up in the first data breach.

The full statement is here.

The latest disclosure is broken down as follows:

77,000 payment cards have had their name, billing address, email address, payment number, expiry and CVV potentially compromised

108,000 payment cards have been similarly compromised but without the CVV number

You will receive an email during Friday if you are impacted.  According to BA:

“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.”

On the upside, further investigation by British Airways into the original data breach last month has found that ‘only’ 244,000 payment cards have been compromised compared with the 380,000 figure originally claimed.

And, of course, Cathay Pacific revealed on Thursday that a whopping 9.4m sets of personal records had been unlawfully accessed.  This includes credit card data.

In some ways, this breach could be worse for BA than the original.  185,000 people represents a high percentage of the active British Airways Executive Club base.  The original breach will have caught up a lot of ‘once a year’ flyers whilst this one will be impacting people like us who make up a disproportionate part of BA revenue.  Anyone who has already sat through the 2017 weekend IT failure and the recent failures of the new FLY check-in system will probably have had enough by now.

You can find the latest BA statement on this latest breach here.

PS.  Having now seen the British Airways email, the heading “Update on Theft of Customer Data” is hugely misleading in my opinion and may lead to the email being deleted unread.

How to earn Avios from UK credit cards

How to earn Avios from UK credit cards (April 2024)

As a reminder, there are various ways of earning Avios points from UK credit cards.  Many cards also have generous sign-up bonuses!

In February 2022, Barclaycard launched two exciting new Barclaycard Avios Mastercard cards with a bonus of up to 25,000 Avios. You can apply here.

You qualify for the bonus on these cards even if you have a British Airways American Express card:

Barclaycard Avios Plus card

Barclaycard Avios Plus Mastercard

Get 25,000 Avios for signing up and an upgrade voucher at £10,000 Read our full review

Barclaycard Avios card

Barclaycard Avios Mastercard

5,000 Avios for signing up and an upgrade voucher at £20,000 Read our full review

There are two official British Airways American Express cards with attractive sign-up bonuses:

British Airways American Express Premium Plus

25,000 Avios and the famous annual 2-4-1 voucher Read our full review

British Airways American Express

5,000 Avios for signing up and an Economy 2-4-1 voucher for spending £15,000 Read our full review

You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points. These points convert at 1:1 into Avios.

American Express Preferred Rewards Gold

Your best beginner’s card – 20,000 points, FREE for a year & four airport lounge passes Read our full review

The Platinum Card from American Express

40,000 bonus points and a huge range of valuable benefits – for a fee Read our full review

Run your own business?

We recommend Capital on Tap for limited companies. You earn 1 Avios per £1 which is impressive for a Visa card, along with a sign-up bonus worth 10,500 Avios.

SPECIAL OFFER: Until 12th May 2024, the Capital on Tap Business Rewards Visa card is offering a bonus of 30,000 points, convertible into 30,000 Avios. You must have a Limited Company to apply. Click here to learn more and click here to apply.

Capital on Tap Business Rewards Visa

Huge 30,000 points bonus until 12th May 2024 Read our full review

You should also consider the British Airways Accelerating Business credit card. This is open to sole traders as well as limited companies and has a 30,000 Avios sign-up bonus.

British Airways Accelerating Business American Express

30,000 Avios sign-up bonus – plus annual bonuses of up to 30,000 Avios Read our full review

There are also generous bonuses on the two American Express Business cards, with the points converting at 1:1 into Avios. These cards are open to sole traders as well as limited companies.

American Express Business Platinum

40,000 points sign-up bonus and an annual £200 Amex Travel credit Read our full review

American Express Business Gold

20,000 points sign-up bonus and FREE for a year Read our full review

Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.

Category

British Airways and Avios

Comments (251)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • Mikeact says:
    26 Oct26 October 09:30

    I’m just waiting for the next security issue to come along….Iberia ?

    • Alex Sm says:
      26 Oct26 October 09:46

      Did any US airlines say anything anti-Trump recently? If so, they might be the next target if you read the news…

  • Nick says:
    26 Oct26 October 09:30

    I’m on the list this time. I have no idea what credit card I used for the booking(s) in that window. Great.

    There is a (possibly unfair) part of me that hopes BA get material fine for this. Not necessarily because I am personally involved, although that does piss me off mightily. but because I want to see Walsh and Cruz get their comeuppance for overseeing years of decline in the product which I assume meant a decline/cost cutting in other areas of their operation which I (admittedly ignorantly) assume led to the breaches.

    The email is dreadful, by the way. Passive, semi-apology for the behaviour of criminals but not their own negligence. BA- criminals will always exist. Yes they are the bad guys but the whole point is that we should be able to trust you when we give you our credit card details. It’s like a hotel apologising for the rain if the roof leaks during a storm. Understand and communicate your own failings and explain what is being done to rectify them, don’t just tell us big boys came and ran away with our data.

    • Crafty says:
      26 Oct26 October 10:20

      +1. I hope they are the first firm made an example of in the GDPR era.

    • Lumma says:
      26 Oct26 October 10:31

      Confirmation email will tell you which card you used for a booking. I had 3 avios redemptions in the period. 2 I used PayPal and another I used my gold AMEX

  • Dave says:
    26 Oct26 October 09:32

    Do you think the knock on effect could end up another devauling of air miles to cover the losses in this department?

  • P H says:
    26 Oct26 October 09:36

    As others, I received the email from Amex but as yet nothing at all from BA. This is pretty shoddy stuff and as an earlier poster said, at what stage do those affected by the financial risk get something other than empty apologies for the negligence of BA and others? It takes time out of the day to chase these things up, change cards, account details etc. There seems little or no recognition of this by most companies.

    Having had a recent spell working in GRC (Governance, Risk and Compliance) consultancy, the state of how well monitored and governed key processes are is much worse than most would imagine. Or maybe not. And we are talking very large and data-sensitive organisations. I couldn’t possibly say if IAG are one of those clients….

    • meta says:
      26 Oct26 October 10:04

      I received an email last night from BA, but unlike others here haven’t received anything from Amex! I did make a redemption using Amex at the time which I still have. 12 months free Experian identity protection? It’s a joke. What’s to stop fraudster using your card 18 months from now when things are forgotten? Most cards expiry dates are 3-4 years from now and some of us don’t churn all cards.

  • Pierre says:
    26 Oct26 October 10:06

    I’m also impacted this time, 24 h after being notified by CX…time to join the class action!

  • Joan says:
    26 Oct26 October 10:09

    I had both the BA and the Amex email last time , then again yesterday ! I signed up for the BA offer for a year’s worth of Experian protect my id subbscription , although that freaks me when I get a text alert from them ( turns out to be nothing significant when I log in ????‍♀️).

  • Dwadda says:
    26 Oct26 October 10:16

    BA is liable for a £500m fine. Why should governments get this? It is tax if they do. Here the injuried parties (including me this time) are identifiable. Each of us (244k+185k) should get £1165. I’ll have that in cash thanks, I already have over 400k avios.

    • Dwadda says:
      26 Oct26 October 10:34

      BTW, I don’t know if anyone has used my card, everything is paid by DD and I don’t check my statements (I reckon most people don’t).

      I’m pissed off because now I feel vulnerable. BA has harmed my wellbeing by cutting corners with their IT.

      Recompense to the injured parties is the equitable remedy. This will harm their shareholders. That should get them to understand that that is the price they pay for putting penny pinching managers in chaarge of their company.

      BA needs to do this to save their brand. Having Cruz fall on his sword would help too.

      That is BA’s reality. Not that ill worded, we’re the injured party, crap they sent in their email yesterday. I found that email deeply insulting. Whoever wrote and approved it damaged BAs reputation with (as Rob pointed out) their best customers.

      • Sandra says:
        26 Oct26 October 12:12

        I may be regarded as anally retarded and having time to waste but I check every single bank and credit card statement these days ticking off everything and I check my bank and my BAPP (new card after the last BA breach) nearly every day via the apps. It always used to be something small put through first of all as a test, however last year the first fraud attempt on my debit card was £379.99 before they went for the biggie of nearly £3K. Luckily I spotted the £379.99 on the day it went through (and was refunded by my bank several days later) but feeling optimistic the fraudsters were then going for nearly £3K which my banks fraud department, when I called them about the first amount, had already spotted, ringfenced and were just about to contact me and check.

      • Craig says:
        26 Oct26 October 12:28

        Still using Microsoft Money 2004 to reconcile all transactions, it gets more difficult in this game with multiple cards and churning. The sad fact is that I’m running it on a Mac because despite trying several alternatives I can’t find anything that even comes close.

    • Thomas Howard says:
      26 Oct26 October 12:46

      Where would the money from any fine (speeding, court imposed, etc) go to if it wasn’t to the Treasury? Also, think of it as idiots reducing the amount that the government has to tax the rest of us.

  • Nigel Green says:
    26 Oct26 October 10:51

    Woeful response from BA and all credit to AMEX Only BA could try to fix customer concerns by inviting sign up to Experian Guardian Newspaper headline 2015 “Experian hack exposes 15 million people’s personal information” Still BA have a new coffee supplier so all is well in Mr Cruz’s deluded little world

This article is closed to new comments. Feel free to ask your question in the HfP forums.

New to Head for Points?

Welcome!  We’re the UK’s most-read source of business travel, Avios, frequent flyer and hotel loyalty news. Let us improve how you travel. Got any questions? Ask them in our forums.

Latest Forum Posts

Get 40,000 bonus points (worth 40,000 Avios) and £300 dining credit with The Platinum Card

Check reward flight availability instantly for free!

See a whole year of reward seat availability on one page at SeatSpy.com

Get £10 when you spend £150 on your free Currensea card

Booking a luxury hotel?

Our luxury hotel booking service offers you GUARANTEED extra benefits over booking direct. Works with Four Seasons, Mandarin Oriental, The Ritz Carlton, St Regis and more. We've booked £1.7 million of rooms to date. Click for details.

SME? SPECIAL OFFER TO 12TH MAY EARN POINTS WORTH 30,000 AVIOS WITH CAPITAL ON TAP

Get 20,000 bonus points, four airport lounge passes and your first year free with American Express Gold

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.

Got it!