I got the dates wrong in the video, should have said 21st Aug to 5th Sept.

But, this is me looking at the whole incident as a customer, not as a security professional.

I received the email notification from British Airways informing me of the breach and the fact that customers payment and personal information was compromised. The advice was for customers to contact their card providers and follow their guidance.

Being a diligent consumer, I contacted my card provider who informed me via an automated message that they were aware of the breach and they are looking into it and no further action on my part is needed.

Okay then.

But being a self-starter, I thought it would be a great idea to change my BA password, just in case it was also somehow compromised.

Despite me thinking of myself as a pretty web-savvy person, it took me a while to find the page to update my password. As you can see, it asks for username, current password, and new password which must be at least 6 characters and complex.

 

Unfortunately, I found that filling out the details resulted in it asking for a PIN. This got very confusing for me. It suddenly switched from a password to a PIN and I ended up being unable to change my password.

 

So, the summary is:

  1. I got informed my personal and card details were breached
  2. There was nothing I could do about it
  3. I felt like it was all a waste of my time.
  4. The end.