Missing British Airways Avios? You’re Not Alone

It seems that thousands of British Airways Executive Club accounts are being audited today. Lots of people are reporting that when they try to log into their account today they’re getting the following error message:

We are not able to recognise the membership number that you have supplied. Please check and re-enter.

Avios-1

In these instances, you’re able to log into your account after resetting your password, whereby they email you a link that allows you to log into your account.

Avios-2

However, when you log into your account you’ll notice that all of your Avios have been removed, and you have a zero balance.

Avios-4

Under the “My recent transactions” section, you’ll see a “transaction” which removed all of the Avios in your account, with the description “Ex-Gratia.”

Avios-3

Now, while I’m no Latin expert, it’s my understanding that ex-gratia means:

(especially with reference to the paying of money) done from a sense of moral obligation rather than because of any legal requirement.

Alrighty then!

Bottom line

I wouldn’t panic and would just let this play out. There’s a FlyerTalk thread with dozens of similar reports. Those that have phoned Executive Club have simply been told that their accounts are being audited. I’m guessing it’s just a widespread glitch, given how many cases we’ve seen of accounts being hacked lately.

So I’d suggest just letting this play out, since I’m sure it will solve itself.

Is your British Airways Executive Club account experiencing this problem?

Comments

  1. My account is fine. I never keep many points in it though. I always transfer then redeem immediately. I have under 10k right now.

  2. Lucky,
    I think the Ex-Gratia may have something to do with the purchase of avios, since the purchased avios also shows up as ex-Gratia on the transactions

  3. According the agent I spoke with, over a million accounts were affected, and it will take about a week to manually adjust them. Until then, you have to book with BA through the telephone. My wife’s account was also affected – we both had to call in to get the process started, and also had to reset our passwords online.

  4. Mine account was also empty. But I technically have never earned Avois miles apart from flying on British Airways, so not sure how i would have breached any terms. So seems like a glitch

  5. So should I call BA? I had to reset password then I was able to log in, but my 200k+ appoints were deducted. unbelievable!

  6. Those expressing shock and indignation are the “unbelievable” people. It’s not if your accounts will be hacked, just when. And that applies to everything you own. Yawn.

    SO and I both are locked out. So is just about everyone I know. If it’s really a million accounts, then it’s going to take longer than a week to manually review unless they can hire and train an army of agents in a few days…

  7. “Ex-Gratia” is just BA’s transaction code for manual mile adjustments. When it’s CS giving you compensation in the form of miles, it makes sense. When it’s an audit, less so.

  8. When I purchased Avios, the description shown on my transactions list is also saying “Ex-Gratia: Purchased Avios” etc.

  9. No problem here.
    200k taken out yesterday for 4 EI J roundtrips
    Remaining balance is accurate (for both accounts).

    YMMV

  10. Not sure if you’ve seen this (or talked about it) but many of these web sites are not very secure. I remember you talking about getting 1,000 bonus points from Hilton if you change your password. Well that turned out to be a VERY unsecure web page.

    http://krebsonsecurity.com/2015/03/hilton-honors-flaw-exposed-all-accounts/

    In this case it was probably something self inflicted but that story does show you how poor many companies web pages are.

    I’ll check my BA account later when I get home.

  11. My hunch is that they had a major breach, realized it, and zeroed out everyone’s account in an attempt to stop any losses that may occur.

  12. Here’s the email I got :

    Dear Customer

    British Airways has become aware of some unauthorised activity in relation to your Executive Club account.

    This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to your Executive Club account.

    We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.

    We would like to reassure you that, although it does appear that the login attempt was successful, at this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.

    We have now locked down your online account to protect it from further access. As part of the lock-down process we have also changed your password and you will need to reset it before you are able to use your account.

    Please click here and follow the password reset process.

    If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts, as well as exercising vigilance regarding any unusual or suspicious use of your personal data.

    For a short period of time, as a precaution, we have also suspended the use of Avios on your account. We will let you know when this suspension period is over.

    In the meantime, however, if you wish to spend your Avios please contact us via your local Executive Club service centre. We will be able to reactivate your account by asking you some additional security questions.

    We are sorry for the concern and inconvenience this matter may have caused you and would like to reassure you that we are taking this incident seriously.

    British Airways Executive Club team

  13. 66k avios gone, 0 on my account. Both other household accounts seem ok. Let’s see, if BA will give any compensation for this trouble. 😉

  14. Yep, all 100K gone. This has actually happened to me before (and then, as now, I had very little activity and nothing unusual at all) and it took about two months before they put them back. Super annoying.

  15. Was very concerned when I pulled my account up this morning. Wish I had read your post a few hours earlier in order to have saved myself 20 mins. + hold time.
    BA Agent & Exec Club desk Rep gave me the necessary 3rd degree (birthdate, mailing address, last flight, Email) before were allowed to explain that an Email was supposed to go out to warn of the audit.
    Before I called, I Googled Ex-Gratis and it said it meant, “In kindness”. Thinking BA should offer a small Avios “ex-gratis” bonus to those being audited to make up for the glitch.

  16. All of my points are still there. Even worse timing to lose them now considering the devaluation of them in a month. I’m guessing a few people will want to use them before April 28.

  17. Same thing happened to me. I’ve now been on hold for 1 hour and 53 minutes and still haven’t gotten through. What a mess…

  18. The pasted-in email above from BA makes it sound like an Awardwallet breach? (“We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.”)

  19. My Avios have been cleaned to and there something about exgratia. British airways numbers says they are closed till tommorrow

  20. Question on Avios redemption, even though it says I have 0 right now. How come when I search for intra-Japan flights only economy is an option? I’m looking for NRT-KIX and only economy is an option but on Japan airlines they sell business class seats. I just really want it for quicker access through the airport since I will be traveling with a child and infant. Thanks.

  21. My account was affected, my wife’s was not.
    On my account the same story as reported above by others…
    Was not able to login, called BA was told a story about “audit of my account” , was allowed to reset pwd and get access to the website, noticed that my avios are gone – and was promized that these will be reinstalled “right now” .
    Well, 4 hours later still zero avios , may need these tomorrow, so I am calling ba again…

  22. There was some suggestion I saw on Twitter (following a reply from BA to a complaint) that TripIt was to blame – I do have TripIt monitoring by BAEC account, as have a couple of other people who have had problems, and a couple of people who don’t who have their accounts intact.
    Does this hold up to people here?

  23. @ Amit — For whatever reason I don’t believe you can redeem Avios for a premium cabin within Japan. Not sure why.

  24. I have used Award Wallet, so I’m resetting passwords and such. The agent I spoke to at BA said my points would be reinstated “within 48 hours”.

  25. reset my password via the BA website. logged in, no points of course. same Ex-gratia.
    (i had just had some miles reinstated for a cancel that didn’t work)

    anyway, be sheer dumb luck had the same password for BA, AW, and Trip-It. saw that my BA was NOT in my AW but was in my Trip-It.

    i am ashamed i had the same password, i just never updated those sites with my password program and most likely was in a hurry the day i set them up. but not sure what the cause officially is, as the way the miles were pulled out is strange.

    called BA, was on hold a bit, guy came on, he called someone. supervisor came on to reverify my info and then the call was lost. i will wait and call back later.

  26. All my avios disappeared!!!!!!!
    0 Avios in my account too. This isn’t cool…
    I am worried about other info like credit card details, etc.

  27. When BA are saying your account password has been compromised and not much else I would begin to get worried. They need to be much more transparent about this.

    I’d recommend anyone in the UK to submit a concern with the Information Commissioner’s Office who are tasked with upholding the Data Protection Act which BA are possibly in breach in terms of securely storing personal information. The information they have provided is just not sufficient.

    https://ico.org.uk/concerns/handling/

  28. Why am I the only one thinking, I’m glad they did what they did to safeguard my account and Avios, as opposed to just saying it’s not their fault, so live with it?

    And expecting compensation on top of it? Where on earth has common sense migrated to?!?

  29. If its a breach then I’m absolutely delighted BA went proactive and locked my account. Points are gone but they will come back as they over time. I don’t use Award Wallet but I do use Tripit. Might go and have a quick look see in there to see what has gone on.

    As I said well done BA for being proactive.

  30. Phillip, I think it would be wrong to to be ‘glad’ BA has done anything for your benefit before understanding the situation behind this breach. BA’s very vague language and subsequent provision of information behind the breach has me worried. Why aren’t you? If you check out the FT thread it would appear there’s not yet any definitive commonality with regards to a ‘3rd party service’.

    I’m leaning towards BA having mishandled user data, sadly.

  31. Hi everyone!
    I am joining, account is zeroed…
    And!
    two award bookings wasted, cancelled!! Simply no info and in checkmytrip-it is empty now.
    Those bookings were done in January and were ok till yesterday.
    Anyone here had the same thing with award bookings?

  32. I was told by a ba rep (from the dept of executive club accounts) that it will take them up to seven days to reinstate my avios because, as he explained, they have to do it for a large number of Ec members… I don’t have any inside info on ba iIT, but to me it looks like they have a major computer glitch, something like a corrupted master DB, and IT has not yet figured how to fix the prob and has not given any ETA to Support, that would explain why support guys give different ETAs to customers – they just don’t have any clue when it will be fixed…

  33. @Phillip – If there was a breach, why doesn’t BA just come out & say that there was a breach. If they’re going to lock people’s accounts until they figure out what happened, fine. But they haven’t done that, they’re using vague language like “unauthorized activity in relation to your Executive Club account.” I would think most people would accept it if BA gave a substantive, meaningful reply, but they’re not doing that. They’re just locking peoples’ accounts and cleaning out their balances WITH NO NOTICE. Why don’t they put out a notice on their website, or on Twitter, or a mass e-mail? They’re just shooting first and asking questions later and NOT TELLING ANYONE ANYTHING.

  34. Wow, I think there are some BA employees on this comment thread… I mean, they lost everyone’s award tickets and avios and deactivated everyone’s logins and gave zero notice. There’s no popup, no email in my inbox, nothing. If I reset my password and log in, there’s no banner or alert letting me know there’s an ongoing problem. Just zero avios and the standard 60+ minute wait to reach someone in India. That’s not behavior worth of commendation — quite the contrary, if you ask me.

  35. @brianna hoffner – I think BA’s performance (or lack thereof) is abysmal in this case, but so is calling people who are not taking our line of reasoning BA employees. The fact that someone disagrees with us does not make them a BA employee. If you have any evidence that any commenters are BA employees, I’d be interested in seeing it.

  36. Thankfully a this page appeared with a quick google search of ba avios missing! My account has had 200k removed! Ugh.

  37. I wasn’t making a serious accusation, I was simply being glib/sarcastic/funny to imply that this behavior is so obviously not acceptable by every conceivable yardstick that only an employee (or stockholder) could proffer that it was acceptable or even beneficial. It was something akin to a “face only a mother could love” kind of comment, not a conspiracy theory.

  38. Avios restored this afternoon, and an email received from BA a couple of hours later.
    Still little information from BA though, which to me means they aren’t really sure what happened… I’m still curious on the evidence used to find the compromised accounts, or if it was more blanket coverage reaction to an unknown breach.

  39. I just did an update in AwardWallet and my account is zeroed out. The transaction from yesterday (1/2/2017) called “Redemption” is for the amount equal to my total points. No other info. Any ideas?

Leave a Reply

Your email address will not be published. Required fields are marked *