It seems that thousands of British Airways Executive Club accounts are being audited today. Lots of people are reporting that when they try to log into their account today they’re getting the following error message:
We are not able to recognise the membership number that you have supplied. Please check and re-enter.
In these instances, you’re able to log into your account after resetting your password, whereby they email you a link that allows you to log into your account.
However, when you log into your account you’ll notice that all of your Avios have been removed, and you have a zero balance.
Under the “My recent transactions” section, you’ll see a “transaction” which removed all of the Avios in your account, with the description “Ex-Gratia.”
Now, while I’m no Latin expert, it’s my understanding that ex-gratia means:
(especially with reference to the paying of money) done from a sense of moral obligation rather than because of any legal requirement.
Alrighty then!
Bottom line
I wouldn’t panic and would just let this play out. There’s a FlyerTalk thread with dozens of similar reports. Those that have phoned Executive Club have simply been told that their accounts are being audited. I’m guessing it’s just a widespread glitch, given how many cases we’ve seen of accounts being hacked lately.
So I’d suggest just letting this play out, since I’m sure it will solve itself.
Is your British Airways Executive Club account experiencing this problem?
I just did an update in AwardWallet and my account is zeroed out. The transaction from yesterday (1/2/2017) called "Redemption" is for the amount equal to my total points. No other info. Any ideas?
Is there a working reservations #? They all seem to be down
Avios restored this afternoon, and an email received from BA a couple of hours later.
Still little information from BA though, which to me means they aren't really sure what happened... I'm still curious on the evidence used to find the compromised accounts, or if it was more blanket coverage reaction to an unknown breach.
http://mobile.reuters.com/article/idUSKBN0MP0OE20150329?irpc=932
Article on Reuters about the breach.
Anyone think we'll be able to get some extra Avios as compensation for such a widespread glitch/error, causing stress and inconvenience?
@ TheTravelEconomist -- I highly doubt it, but you never know.
I wasn't making a serious accusation, I was simply being glib/sarcastic/funny to imply that this behavior is so obviously not acceptable by every conceivable yardstick that only an employee (or stockholder) could proffer that it was acceptable or even beneficial. It was something akin to a "face only a mother could love" kind of comment, not a conspiracy theory.
Thankfully a this page appeared with a quick google search of ba avios missing! My account has had 200k removed! Ugh.
Any update ? When can BA fix this problem ?
@brianna hoffner - I think BA's performance (or lack thereof) is abysmal in this case, but so is calling people who are not taking our line of reasoning BA employees. The fact that someone disagrees with us does not make them a BA employee. If you have any evidence that any commenters are BA employees, I'd be interested in seeing it.
Wow, I think there are some BA employees on this comment thread... I mean, they lost everyone's award tickets and avios and deactivated everyone's logins and gave zero notice. There's no popup, no email in my inbox, nothing. If I reset my password and log in, there's no banner or alert letting me know there's an ongoing problem. Just zero avios and the standard 60+ minute wait to reach someone in India. That's not behavior...
Wow, I think there are some BA employees on this comment thread... I mean, they lost everyone's award tickets and avios and deactivated everyone's logins and gave zero notice. There's no popup, no email in my inbox, nothing. If I reset my password and log in, there's no banner or alert letting me know there's an ongoing problem. Just zero avios and the standard 60+ minute wait to reach someone in India. That's not behavior worth of commendation -- quite the contrary, if you ask me.
@Phillip - If there was a breach, why doesn't BA just come out & say that there was a breach. If they're going to lock people's accounts until they figure out what happened, fine. But they haven't done that, they're using vague language like "unauthorized activity in relation to your Executive Club account." I would think most people would accept it if BA gave a substantive, meaningful reply, but they're not doing that. They're just...
@Phillip - If there was a breach, why doesn't BA just come out & say that there was a breach. If they're going to lock people's accounts until they figure out what happened, fine. But they haven't done that, they're using vague language like "unauthorized activity in relation to your Executive Club account." I would think most people would accept it if BA gave a substantive, meaningful reply, but they're not doing that. They're just locking peoples' accounts and cleaning out their balances WITH NO NOTICE. Why don't they put out a notice on their website, or on Twitter, or a mass e-mail? They're just shooting first and asking questions later and NOT TELLING ANYONE ANYTHING.
I was told by a ba rep (from the dept of executive club accounts) that it will take them up to seven days to reinstate my avios because, as he explained, they have to do it for a large number of Ec members... I don't have any inside info on ba iIT, but to me it looks like they have a major computer glitch, something like a corrupted master DB, and IT has not yet...
I was told by a ba rep (from the dept of executive club accounts) that it will take them up to seven days to reinstate my avios because, as he explained, they have to do it for a large number of Ec members... I don't have any inside info on ba iIT, but to me it looks like they have a major computer glitch, something like a corrupted master DB, and IT has not yet figured how to fix the prob and has not given any ETA to Support, that would explain why support guys give different ETAs to customers - they just don't have any clue when it will be fixed...
Hi everyone!
I am joining, account is zeroed...
And!
two award bookings wasted, cancelled!! Simply no info and in checkmytrip-it is empty now.
Those bookings were done in January and were ok till yesterday.
Anyone here had the same thing with award bookings?
@ Phil -- Wow, that's crazy! Were the tickets on BA metal, or a partner?
Phillip, I think it would be wrong to to be 'glad' BA has done anything for your benefit before understanding the situation behind this breach. BA's very vague language and subsequent provision of information behind the breach has me worried. Why aren't you? If you check out the FT thread it would appear there's not yet any definitive commonality with regards to a '3rd party service'.
I'm leaning towards BA having mishandled user data, sadly.
If its a breach then I'm absolutely delighted BA went proactive and locked my account. Points are gone but they will come back as they over time. I don't use Award Wallet but I do use Tripit. Might go and have a quick look see in there to see what has gone on.
As I said well done BA for being proactive.
Why am I the only one thinking, I'm glad they did what they did to safeguard my account and Avios, as opposed to just saying it's not their fault, so live with it?
And expecting compensation on top of it? Where on earth has common sense migrated to?!?
When BA are saying your account password has been compromised and not much else I would begin to get worried. They need to be much more transparent about this.
I'd recommend anyone in the UK to submit a concern with the Information Commissioner's Office who are tasked with upholding the Data Protection Act which BA are possibly in breach in terms of securely storing personal information. The information they have provided is just not sufficient.
...When BA are saying your account password has been compromised and not much else I would begin to get worried. They need to be much more transparent about this.
I'd recommend anyone in the UK to submit a concern with the Information Commissioner's Office who are tasked with upholding the Data Protection Act which BA are possibly in breach in terms of securely storing personal information. The information they have provided is just not sufficient.
https://ico.org.uk/concerns/handling/
All my avios disappeared!!!!!!!
0 Avios in my account too. This isn’t cool…
I am worried about other info like credit card details, etc.
Exact same thing happened to me:
27-Mar-15 Ex-Gratia 0 -82,267
reset my password via the BA website. logged in, no points of course. same Ex-gratia.
(i had just had some miles reinstated for a cancel that didn't work)
anyway, be sheer dumb luck had the same password for BA, AW, and Trip-It. saw that my BA was NOT in my AW but was in my Trip-It.
i am ashamed i had the same password, i just never updated those sites with my password program...
reset my password via the BA website. logged in, no points of course. same Ex-gratia.
(i had just had some miles reinstated for a cancel that didn't work)
anyway, be sheer dumb luck had the same password for BA, AW, and Trip-It. saw that my BA was NOT in my AW but was in my Trip-It.
i am ashamed i had the same password, i just never updated those sites with my password program and most likely was in a hurry the day i set them up. but not sure what the cause officially is, as the way the miles were pulled out is strange.
called BA, was on hold a bit, guy came on, he called someone. supervisor came on to reverify my info and then the call was lost. i will wait and call back later.
I have used Award Wallet, so I'm resetting passwords and such. The agent I spoke to at BA said my points would be reinstated "within 48 hours".
There was some suggestion I saw on Twitter (following a reply from BA to a complaint) that TripIt was to blame - I do have TripIt monitoring by BAEC account, as have a couple of other people who have had problems, and a couple of people who don't who have their accounts intact.
Does this hold up to people here?
Yup, account locked and, after password reset, shows all of my Avios gone :(
My account was affected, my wife's was not.
On my account the same story as reported above by others...
Was not able to login, called BA was told a story about "audit of my account" , was allowed to reset pwd and get access to the website, noticed that my avios are gone - and was promized that these will be reinstalled "right now" .
Well, 4 hours later still zero avios , may need these tomorrow, so I am calling ba again...
Yep. All mine gone too!
Question on Avios redemption, even though it says I have 0 right now. How come when I search for intra-Japan flights only economy is an option? I'm looking for NRT-KIX and only economy is an option but on Japan airlines they sell business class seats. I just really want it for quicker access through the airport since I will be traveling with a child and infant. Thanks.
@ Amit -- For whatever reason I don't believe you can redeem Avios for a premium cabin within Japan. Not sure why.
My Avios have been cleaned to and there something about exgratia. British airways numbers says they are closed till tommorrow
The pasted-in email above from BA makes it sound like an Awardwallet breach? ("We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.")
Same thing happened to me. I've now been on hold for 1 hour and 53 minutes and still haven't gotten through. What a mess...
My account was zeroed out (only 4463 miles) my wife's was not.
All of my points are still there. Even worse timing to lose them now considering the devaluation of them in a month. I'm guessing a few people will want to use them before April 28.
Was very concerned when I pulled my account up this morning. Wish I had read your post a few hours earlier in order to have saved myself 20 mins. + hold time.
BA Agent & Exec Club desk Rep gave me the necessary 3rd degree (birthdate, mailing address, last flight, Email) before were allowed to explain that an Email was supposed to go out to warn of the audit.
Before I called, I...
Was very concerned when I pulled my account up this morning. Wish I had read your post a few hours earlier in order to have saved myself 20 mins. + hold time.
BA Agent & Exec Club desk Rep gave me the necessary 3rd degree (birthdate, mailing address, last flight, Email) before were allowed to explain that an Email was supposed to go out to warn of the audit.
Before I called, I Googled Ex-Gratis and it said it meant, "In kindness". Thinking BA should offer a small Avios "ex-gratis" bonus to those being audited to make up for the glitch.
Can't imagine the hold times right now as they are always too long when things are normal
all 6 accounts that I manage are locked. Joining the party...
Yep, all 100K gone. This has actually happened to me before (and then, as now, I had very little activity and nothing unusual at all) and it took about two months before they put them back. Super annoying.
66k avios gone, 0 on my account. Both other household accounts seem ok. Let's see, if BA will give any compensation for this trouble. ;-)
Here's the email I got :
Dear Customer
British Airways has become aware of some unauthorised activity in relation to your Executive Club account.
This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to your Executive Club account.
We understand this was login information relating to a different online service which you may have also used to...
Here's the email I got :
Dear Customer
British Airways has become aware of some unauthorised activity in relation to your Executive Club account.
This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to your Executive Club account.
We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.
We would like to reassure you that, although it does appear that the login attempt was successful, at this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.
We have now locked down your online account to protect it from further access. As part of the lock-down process we have also changed your password and you will need to reset it before you are able to use your account.
Please click here and follow the password reset process.
If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts, as well as exercising vigilance regarding any unusual or suspicious use of your personal data.
For a short period of time, as a precaution, we have also suspended the use of Avios on your account. We will let you know when this suspension period is over.
In the meantime, however, if you wish to spend your Avios please contact us via your local Executive Club service centre. We will be able to reactivate your account by asking you some additional security questions.
We are sorry for the concern and inconvenience this matter may have caused you and would like to reassure you that we are taking this incident seriously.
British Airways Executive Club team
My hunch is that they had a major breach, realized it, and zeroed out everyone's account in an attempt to stop any losses that may occur.
My 4,000,000 points are wiped out.
Not sure if you've seen this (or talked about it) but many of these web sites are not very secure. I remember you talking about getting 1,000 bonus points from Hilton if you change your password. Well that turned out to be a VERY unsecure web page.
http://krebsonsecurity.com/2015/03/hilton-honors-flaw-exposed-all-accounts/
In this case it was probably something self inflicted but that story does show you how poor many companies web pages are.
I'll check my BA...
Not sure if you've seen this (or talked about it) but many of these web sites are not very secure. I remember you talking about getting 1,000 bonus points from Hilton if you change your password. Well that turned out to be a VERY unsecure web page.
http://krebsonsecurity.com/2015/03/hilton-honors-flaw-exposed-all-accounts/
In this case it was probably something self inflicted but that story does show you how poor many companies web pages are.
I'll check my BA account later when I get home.
All of mine are still there. My wife's are intact too.
No problem here.
200k taken out yesterday for 4 EI J roundtrips
Remaining balance is accurate (for both accounts).
YMMV
When I purchased Avios, the description shown on my transactions list is also saying "Ex-Gratia: Purchased Avios" etc.
"Ex-Gratia" is just BA's transaction code for manual mile adjustments. When it's CS giving you compensation in the form of miles, it makes sense. When it's an audit, less so.
Those expressing shock and indignation are the "unbelievable" people. It's not if your accounts will be hacked, just when. And that applies to everything you own. Yawn.
SO and I both are locked out. So is just about everyone I know. If it's really a million accounts, then it's going to take longer than a week to manually review unless they can hire and train an army of agents in a few days...
0 Avios in my account too. This isn't cool...
So should I call BA? I had to reset password then I was able to log in, but my 200k+ appoints were deducted. unbelievable!
Haha Scott, I like how you think. If it was closer to the end of April I'd agree.
Making it hard to redeem before the devaluation?
Subscribe
Mine account was also empty. But I technically have never earned Avois miles apart from flying on British Airways, so not sure how i would have breached any terms. So seems like a glitch
This is also effecting Iberia avios.. was unable to login to both BA and Iberia accounts.
According the agent I spoke with, over a million accounts were affected, and it will take about a week to manually adjust them. Until then, you have to book with BA through the telephone. My wife's account was also affected - we both had to call in to get the process started, and also had to reset our passwords online.
Lucky,
I think the Ex-Gratia may have something to do with the purchase of avios, since the purchased avios also shows up as ex-Gratia on the transactions
Yep, ex-gratia here too. Luckily only 7000 avios in limbo.
My account is fine. I never keep many points in it though. I always transfer then redeem immediately. I have under 10k right now.
Yep - mine all hoovered up. What's going on BAEC?
Account locked. Tried re-setting password 3 times. Still locked. Very pissed off. :(
yep, can't log in either... what a mess.
My account was also impacted - over 100k avios removed... zero balance
doesn't seem to be universal as I logged in okay and still have my balance.
Flying AA this weekend with BA avios. Any reports of award itinerary issues?
@ Meghanb904 -- You shouldn't have any issues.
on hold with them now.
659K Ex-Gratia debited