[Misc] BA hacking, anyone had their card used fraudulently since?

Icy Gull · Sep 19, 2018

I wondered why my Virgin card was being refused yesterday and this morning. Virgin let me know that they were replacing my card about two days after the hacking came to light. I thought it was a little irritating but could see the reasoning.

I was told my old card would work for another two weeks and would be cancelled as soon as I used the new one, which I only received yesterday.

Over the last couple of days I have had my card refused so figured that Virgin had cancelled it early. Went on today to activate the new card to find some See you next Tuesday from the Mansfield area had used my card to buy shoes and clothes. As I don’t shop in Mansfield and I haven’t ordered any clothes or shoes on my card it came as a bit of a shock.

Full marks to Virgin for stopping the card when they spotted unusual activity on my card as it turns out the little scrote had tried the card in a number of shops online since yesterday. Virgin have agreed to refund the items which didn’t really come to that much, so all good there.

Anyone else on here been done?.

This is a first for me.

studio150 · Sep 19, 2018

Icy Gull said:
I wondered why my Virgin card was being refused yesterday and this morning. Virgin let me know that they were replacing my card about two days after the hacking came to light. I thought it was a little irritating but could see the reasoning.

I was told my old card would work for another two weeks and would be cancelled as soon as I used the new one.

Over the last couple of days I have had my card refused so figured that Virgin had cancelled it early. Went on today to activate the new card to find some See you next Tuesday from the Mansfield area had used my card to buy shoes and clothes. As I don’t shop in Mansfield and I haven’t ordered any clothes or shoes on my card it came as a bit of a shock.

Full marks to Virgin for stopping the card when they spotted unusual activity on my card as it turns out the little scrote had tried the card in a number of shops since yesterday. Virgin have agreed to refund the items which didn’t really come to that much, so all good there.

Anyone else on here been done?.

Not got caught out with the BA one, but had a fraudulent purchase on my Virgin Card earlier this year, with a purchase of some electrical goods in Sheffield. Phoned Virgin and they had already refused another purchase from the same retailer the next day. Item taken off of statement and not had to pay anything.

The only downside is that having my card replacement due to the fraud, then replaced due to expiry and then replaced due to Ticketmaster I'm now on my 4th Virgin card this year, which is a bit of a pain where I have it stored with online retailers. Although given the increasing number of hacks on large companies who really should have more secure sites I'm now very reluctant to agree to store my card details to make future purchases easier,

I was impressed with how Virgin dealt with the issue

Dick Swiveller · Sep 19, 2018

Not been done on BA but I used my card at a garden centre in Chessington a few years ago. Had a £300 limo charge appear a couple of weeks later in Twickenham which is why I suspect the garden centre. All refunded fine and didn't affect my credit score but annoying nonetheless.

SeagullSarge · Sep 19, 2018

Icy Gull said:
I wondered why my Virgin card was being refused yesterday and this morning. Virgin let me know that they were replacing my card about two days after the hacking came to light. I thought it was a little irritating but could see the reasoning.

I was told my old card would work for another two weeks and would be cancelled as soon as I used the new one, which I only received yesterday.

Over the last couple of days I have had my card refused so figured that Virgin had cancelled it early. Went on today to activate the new card to find some See you next Tuesday from the Mansfield area had used my card to buy shoes and clothes. As I don’t shop in Mansfield and I haven’t ordered any clothes or shoes on my card it came as a bit of a shock.

Full marks to Virgin for stopping the card when they spotted unusual activity on my card as it turns out the little scrote had tried the card in a number of shops online since yesterday. Virgin have agreed to refund the items which didn’t really come to that much, so all good there.

Anyone else on here been done?.

This is a first for me.

I had my debit card details stollen as part of the BA hack, been a bit of a hassle renewing cards and constantly checking my statements for fraud. No unauthorised activity yet thankfully but I’m totally annoyed to be in this position anyway! Have you signed up to the group action lawsuit against them?

Bozza · Sep 19, 2018

Putting 2 and 2 together I wonder if that's why Nat West both texted me overnight and then called me this morning to check the validity of some recent transactions.

It was the card I used to book flights and hotel for the FA Cup game at Manchester United last season.

They were all my transactions as it turned out, and I've just checked my account online and can't find anything untoward.

casbom · Sep 19, 2018

SeagullSarge said:
I had my debit card details stollen as part of the BA hack, been a bit of a hassle renewing cards and constantly checking my statements for fraud. No unauthorised activity yet thankfully but I’m totally annoyed to be in this position anyway! Have you signed up to the group action lawsuit against them?

Lawsuit? Wow! Where's there's a blame there's a claim eh? Did it ever occur to you that there is nothing that BA could have done with this fraudulent activity?

It was very sophisticated which was nothing like has been seen before, BA have done all they can to help Customers affected by this and to ensure that no one has to pay for it. Jeez some people.

Natwest emailed me around 2 weeks after it happened and told me they are sending me a new card but can still use my card in person but not for online purchases.

Icy Gull · Sep 19, 2018

Bozza said:
Putting 2 and 2 together I wonder if that's why Nat West both texted me overnight and then called me this morning to check the validity of some recent transactions.

It was the card I used to book flights and hotel for the FA Cup game at Manchester United last season.

They were all my transactions as it turned out, and I've just checked my account online and can't find anything untoward.

I think the hack was between around 22 Aug to 31 Aug this year where they picked up The CVC numbers as customers entered them. BA deny they store them so it allegedly had to happen at the time of transaction.

Icy Gull · Sep 19, 2018

SeagullSarge said:
I had my debit card details stollen as part of the BA hack, been a bit of a hassle renewing cards and constantly checking my statements for fraud. No unauthorised activity yet thankfully but I’m totally annoyed to be in this position anyway! Have you signed up to the group action lawsuit against them?

Nope, tell me more. I wouldn’t bother normally but BA are such an arrogant cut throat company that I’d do it just for the schadenfraude.

I have never used a debit card online as I was under the impression that it was much more difficult to claw back the money than on a credit card?

Badger Boy · Sep 19, 2018

Icy Gull said:
I think the hack was between around 22 Aug to 31 Aug this year where they picked up The CVC numbers as customers entered them. BA deny they store them so it allegedly had to happen at the time of transaction.

If the hackers got the PIN numbers then they would have had a key logger in the point of sale terminals themselves which made a record of them. The PIN number is not stored by the terminal so the only way it can be "stolen" is at the point of entry, either by someone (or a camera) positioned to view the PIN or the terminal itself being compromised and recording or sending the entry in some way. BA would store card numbers and security codes and expiry dates, but nothing PIN related. I haven't read about the breach too much but there are breaches all the time which you don't hear about.

Just keep checking your accounts online and report any suspicious activity if you see it. Card issuing companies are heavily regulated, they'll always get it sorted out.

Gazwag · Sep 19, 2018

SeagullSarge said:
I had my debit card details stollen as part of the BA hack, been a bit of a hassle renewing cards and constantly checking my statements for fraud. No unauthorised activity yet thankfully but I’m totally annoyed to be in this position anyway! Have you signed up to the group action lawsuit against them?

oh good higher plane fares, was the cake nice btw

Springal · Sep 19, 2018

Mine was allegedly taken but not been used (yet) - AMEX actually are not automatically replacing them but closely monitoring those affected.

Actually the likely cause of the BA stuff was due to all the crap ads, trackers, stuff being injected into website. Hence why I always use uBlock Origin

Icy Gull · Sep 19, 2018

Badger Boy said:
If the hackers got the PIN numbers then they would have had a key logger in the point of sale terminals themselves which made a record of them. The PIN number is not stored by the terminal so the only way it can be "stolen" is at the point of entry, either by someone (or a camera) positioned to view the PIN or the terminal itself being compromised and recording or sending the entry in some way. BA would store card numbers and security codes and expiry dates, but nothing PIN related. I haven't read about the breach too much but there are breaches all the time which you don't hear about.

Just keep checking your accounts online and report any suspicious activity if you see it. Card issuing companies are heavily regulated, they'll always get it sorted out.

Sorry I meant the last 3 CVC Numbers on the back of the card or the four on the front of an Amex, not the PIN numbers

These do need to be entered on booking with BA and armed with those numbers and the card number and expiry date, the online world appears to be your lobster (courtesy of Del Boy) :wink:

dazzer6666 · Sep 19, 2018

Springal said:
Mine was allegedly taken but not been used (yet) - AMEX actually are not automatically replacing them but closely monitoring those affected.

Actually the likely cause of the BA stuff was due to all the crap ads, trackers, stuff being injected into website. Hence why I always use uBlock Origin

Same here....nothing untoward so far though but keeping a slightly closer eye on it than normal.

If your card is fraudulently used, there really is no need to panic or worry - replacement cards and full refunds will usually be very quick as [MENTION=33885]Badger Boy[/MENTION] states - card issuers get slaughtered by regulators for not dealing with things like this rapidly.

LowKarate · Sep 19, 2018

Dick Swiveller said:
Not been done on BA but I used my card at a garden centre in Chessington a few years ago. Had a £300 limo charge appear a couple of weeks later in Twickenham which is why I suspect the garden centre. All refunded fine and didn't affect my credit score but annoying nonetheless.

This garden centre in Chessington of which ye speak, would that be Chessington Garden Centre? (just a wild stab in the dark there).

If so, it would be a surprising place for fraud as it is a popular destination for the Police to hang out and have breakfast (mainly) as well as lunch and dinner. I discovered this fact going there one morning, when there were so many police cars in the car park that I thought they’d been raided and then I saw the restaurant... A police friend later confirmed its popularity within the force.

Icy Gull · Sep 19, 2018

dazzer6666 said:
Same here....nothing untoward so far though but keeping a slightly closer eye on it than normal.

If your card is fraudulently used, there really is no need to panic or worry - replacement cards and full refunds will usually be very quick as [MENTION=33885]Badger Boy[/MENTION] states - card issuers get slaughtered by regulators for not dealing with things like this rapidly.

Yeah an it’s the merchants who take the card who have to suffer the consequences I believe. The credit card companies charge all fraudulent activity back to them as far as I’m aware.

beorhthelm · Sep 19, 2018

casbom said:
Lawsuit? Wow! Where's there's a blame there's a claim eh? Did it ever occur to you that there is nothing that BA could have done with this fraudulent activity?

It was very sophisticated which was nothing like has been seen before,

the hack was due to insecure practices, allowing external scripts to be loaded, so open to a rogue script. they put fancy shizzle over securing core function, this is the consequence.

dazzer6666 · Sep 19, 2018

Icy Gull said:
Yeah an it’s the merchants who take the card who have to suffer the consequences I believe. The credit card companies charge all fraudulent activity back to them as far as I’m aware.

Depends on the circumstances - I think it's typically (or at least historically) about a 60/40 card issuer/merchant split..........

Barclaycard (as an example) state the following :

Fraud liability – who pays?

If fraud happens, who the liability sits with depends on the method used to take the payment:

Face to face payments using Contactless or Chip & PIN – Merchant is not liable
Other face to face payments not using Contactless or Chip & PIN (e.g. Chip & Signature, manually keying in the long card number, or using the card’s Magnetic Stripe) – Merchant may be liable
Payments by postal mail – Merchant is liable
Payments by telephone – Merchant is liable
Online payments taken using 3-D Secure (namely Mastercard SecureCode, Verified by Visa and American Express SafeKey) – Merchant is not liable
Online payments taken without using 3-D Secure – Merchant is liable

SeagullSarge · Sep 19, 2018

casbom said:
Lawsuit? Wow! Where's there's a blame there's a claim eh? Did it ever occur to you that there is nothing that BA could have done with this fraudulent activity?

It was very sophisticated which was nothing like has been seen before, BA have done all they can to help Customers affected by this and to ensure that no one has to pay for it. Jeez some people.

Natwest emailed me around 2 weeks after it happened and told me they are sending me a new card but can still use my card in person but not for online purchases.

Blame/Claim culture is not something I would normally condone and indeed, ambulance chasing is arguably more damaging than the incident itself. However, in this instance a multi-million pound, FTSE 100 company has not protected the assets of their customers in a satisfactory way, I'm afraid I have to disagree with your comments. As someone who has had their personal details and payment details stolen, I am indeed hugely upset that this has happened to me and in a manner not not as "sophisticated" as you have intimated. There are very strict guidelines set out for the handling of this information and BA has not adhered to them, that is potentially negligence. Its not about what BA have done after the fact, its about the very principle of the handling and storage of very sensitive information as per GDPR.

If you feel a huge company should just walk quietly into the night after such a huge breach than fair enough, I for one feel BA should be held accountable for their actions.

SeagullSarge · Sep 19, 2018

Icy Gull said:
Nope, tell me more. I wouldn’t bother normally but BA are such an arrogant cut throat company that I’d do it just for the schadenfraude.

I have never used a debit card online as I was under the impression that it was much more difficult to claw back the money than on a credit card?

Here you go https://www.badatabreach.com

This has been plaster across the various media outlets, SPG specialise in group/class action lawsuits again big companies.

dazzer6666 · Sep 19, 2018

SeagullSarge said:
Blame/Claim culture is not something I would normally condone and indeed, ambulance chasing is arguably more damaging than the incident itself. However, in this instance a multi-million pound, FTSE 100 company has not protected the assets of their customers in a satisfactory way, I'm afraid I have to disagree with your comments. As someone who has had their personal details and payment details stolen, I am indeed hugely upset that this has happened to me and in a manner not not as "sophisticated" as you have intimated. There are very strict guidelines set out for the handling of this information and BA has not adhered to them, that is potentially negligence. Its not about what BA have done after the fact, its about the very principle of the handling and storage of very sensitive information as per GDPR.

If you feel a huge company should just walk quietly into the night after such a huge breach than fair enough, I for one feel BA should be held accountable for their actions.

We're all a bit pissed off about it, but what personal impact/loss have you suffered that personal financial compensation will mitigate ? They will be held accountable for their actions - the ICO will be all over them

Got something to say or just want fewer pesky ads? Join us... 😊

[Misc] BA hacking, anyone had their card used fraudulently since?

Back on the rollercoaster

Well-known member

Well-known member

Active member

You can change this

Well-known member

Back on the rollercoaster

Back on the rollercoaster

Mr Badger

5 millionth post poster

Well-known member

Back on the rollercoaster

Well-known member

New member

Back on the rollercoaster

A. Virgo, Football Genius

Well-known member

Active member

Active member

Well-known member

Share this page