This post has partner links that I may receive compensation for at no cost to you. Thank you for supporting my site!
Over the weekend, I wrote about the security issues British Airways was having with some Executive Club accounts, resulting in the airline preemptively locking them and zeroing out Avios balances.
I wrote at the time that everyone should just keep calm about it & everything would be restored, and that appears to have been the case.
With the weekend over, British Airways finally posted a notice on their login page about the issue this morning.
The link in the notice then goes to the full announcement, which you can find below:
Unauthorised activity to Executive Club accounts
Answer Id 5249 | Updated 30/03/2015 03.00 PM (UK time)
British Airways has become aware of some unauthorised activity in relation to a number of Executive Club and Registered Customer accounts.
This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to these accounts.
Our initial investigations show this was “login” information relating to a different online service which customers may have also used to access their Executive Club accounts.
We are taking this incident seriously and would like to apologise for the concern and inconvenience this has caused.
We would like to reassure you that, although it does appear that the login attempt was successful on a small percentage of accounts, at this stage we are not aware of any access to any subsequent information pages within accounts, including flight histories or payment card details.
Why have we locked some customer accounts?
In order to protect customers’ data and Avios we have locked down a number of customers’ accounts and asked those customers to reset their passwords. Customers can reset their passwords by following the “Forgotten PIN/Password” link in the top right hand corner of the British Airways homepage.
The locking of accounts by British Airways means any locked accounts will automatically show the Avios balance as zero, as we have protected those in our systems. The action we took was as a precaution to protect affected customers when we became aware of this unauthorised activity.
When will I be able to use my account as normal?
We very much hope that we can unlock significant numbers of accounts in the coming days and customers will be able to use their accounts as normal, provided that they have followed the required instructions to reset their personal passwords. We will let potentially affected customers know when the suspension period on their account is over.
If you use the same login details for your Executive Club accounts as for online accounts with any other organisations, we would also recommend that you change the passwords for these accounts, as well as exercising vigilance regarding any unusual or suspicious use of your personal data.
Once again we are sorry for the concern and inconvenience this matter has caused and would like to reassure you that we are taking this incident seriously.
I had to reset my password one more time, but when I did, I was able to find out that my full Avios balance had been restored. While I imagine that there are still accounts that are frozen (likely the ones that were actually breached), the majority of us are free to access our miles again.