https://www.bbc.co.uk/news/technology-45481976
"A cyber-security firm has said it found a malicious script injected into the British Airways website, which could be the cause of
a recent data breach that affected 380,000 transactions.
A RiskIQ researcher analysed code from BA's website and app around the time when the breach began, in late August.
He claimed to have discovered evidence of a "skimming" script designed to steal financial data from online payment forms.
BA said it was unable to comment.