Last week British Airways notified the ICO of a data breach which affected 380,000 users of their website.
BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September. Information is scarce but more details are emerging about how the breach was possible.
This complex attack will take several weeks to forensically unpick. Hopefully BA will have invested in technologies such as a SEIM so they are able to understand how the attackers achieve access.