Anybody who understands computer databases and servers knows that the user passwords are stored in the database but encrypted using various hash keys relative to type of encryption involved. The problem being should someone hack the database then all they need to do is run a reverse encryption algorithm to get the passwords. Any good I.T manager should also Salt the passwords this is adding another key to the stored information thus unless the Salt value is known then trying to crack the encryption will just give nonsense.
This makes me wonder if British Airways “Salted” their user database and what other security measures they had in place. Years ago when I attended a course at a company I managed to hack into their accounts department on the network just by using the password “Admin”. Many people who design web pages leave the user name as admin. But also people buy web cams and child monitors and leave them set at factory default settings and often the password is Admin.
Another way hackers get passwords is by getting people to download malware which often contains key stroke software which then transmits what you type especially on banking sites back to the criminal.
A good company will employ ethical hackers to see if their systems are as good as they think they are.
A fibre optic network is hard to crack but others that use twisted pairs can be monitored by simply placing a coil next to the network. Also a good hacker can tune into the radio frequencies of the computer and see what you see from a van outside the building.
Users of computers should always hover their mouse over suspicious looking links to find the true address of the web site. Hackers will often clone a banking site. Also having a good anti- virus program is essential and keeping it up to date with the latest virus signatures. I have had people try and hack one of my web sites I know most of them are Russians yet my site is not financial and does not store credit card data. Yet a plugin I use called Word Fence records all these attacks and the I.P addresses of the hackers.

Hackers will also try and clone your contactless bank cards using R.F equipment to capture the card details. This is why a R.F blocker card should always be carried in your wallet if you use contactless cards.