Data leaked, account locked and BA being useless.
Oct 28, 2020, 11:56 am
#1
Original Poster
Join Date: Apr 2018
Location: London
Programs: Gold at BA, Hilton and Radisson.
Posts: 591
Data leaked, account locked and BA being useless.
Hi all,
Looking for some help and wisdom into a situation BA has placed me in.
At the start of October I was contacted by a stranger via. email and text message. He told me for the last year he has been receiving emails from BA meant for me that range from the standard booking confirmation type to the more back and forth type. After a brief discussion, we came to the conclusion he has been receiving every email I have been from BA. I therefore telephoned BA and had the case forwarded to the "Compliance Team".
After a week, I received a call from Customer Relations that stated:
- They found the cause: a member of staff copied and pasted the wrong email address into my executive club account.
- This email has acted as an alias and thus every email has gone to both emails.
- The incorrect email has been removed.
Two weeks hence, and again the issue is not resolved. Thanks to the thread about seeing data, I requested a copy. The incorrect email address is still listed as an alias.
I've telephoned again, this time with a view of three things:
1) Getting the email address removed.
2) A full breakdown of what data by myself has been accessed.
3) Compensation for the above.
Worryingly, I could not book flights this morning and received a generic email (as did this stranger one assumes) :
British Airways have locked down my account. After a phone call (that was hard to accomplish as the agents just see "account locked" when I phone), I received this further email from the Audit team:
I can only assume this auditor has seen the words "security" and "breach" and gone on the war path asking me to update my email address. I'm 99.9% convinced this will not fix the incorrect alias BA have placed on my account.
Further to this, I have been reached out to by Customer Relations that have stated they are "unable to offer a gesture and will not consider the matter further".
Therefore, what can I do now?
I'm stuck in a hard place with the audit team who can not remove the alias email address and insist if I create a new one it will help.
Customer Relations concede responsibility of British Airways but will offer no compensation.
My account is locked and will not be unblocked unless I create a new email (back to step one).
At the end of the day, British Airways have supplied a stranger with my travel plans and home address informing them when I am not in the house and indeed will not be in the future (if any of my bookings hold). They have accepted responsibility, found the cause but can not remove the alias email.
Am I going slightly mad here?
Thanks all!
Looking for some help and wisdom into a situation BA has placed me in.
At the start of October I was contacted by a stranger via. email and text message. He told me for the last year he has been receiving emails from BA meant for me that range from the standard booking confirmation type to the more back and forth type. After a brief discussion, we came to the conclusion he has been receiving every email I have been from BA. I therefore telephoned BA and had the case forwarded to the "Compliance Team".
After a week, I received a call from Customer Relations that stated:
- They found the cause: a member of staff copied and pasted the wrong email address into my executive club account.
- This email has acted as an alias and thus every email has gone to both emails.
- The incorrect email has been removed.
Two weeks hence, and again the issue is not resolved. Thanks to the thread about seeing data, I requested a copy. The incorrect email address is still listed as an alias.
I've telephoned again, this time with a view of three things:
1) Getting the email address removed.
2) A full breakdown of what data by myself has been accessed.
3) Compensation for the above.
Worryingly, I could not book flights this morning and received a generic email (as did this stranger one assumes) :
"In line with most major companies operating a financial awards and incentive scheme, we constantly review transactions on our Executive Club database to ensure compliance with the scheme's Terms and Conditions and to protect our Members.
This process highlighted some anomalies with your account, so for your protection we have locked your account".
This process highlighted some anomalies with your account, so for your protection we have locked your account".
"Thank you for contacting us regarding the security of your account. I would advise that you change your email address and username as soon as possible to make sure your account is as secure as it can be.
To make sure your account is safe, I have had to place it into Lock status. Please accept my apologies for any inconvenience this may cause but please be assured you will still be able to accrue awards as normal.
Once I have received your confirmation of a password and email address change, I will unlock your account.".
To make sure your account is safe, I have had to place it into Lock status. Please accept my apologies for any inconvenience this may cause but please be assured you will still be able to accrue awards as normal.
Once I have received your confirmation of a password and email address change, I will unlock your account.".
Further to this, I have been reached out to by Customer Relations that have stated they are "unable to offer a gesture and will not consider the matter further".
Therefore, what can I do now?
I'm stuck in a hard place with the audit team who can not remove the alias email address and insist if I create a new one it will help.
Customer Relations concede responsibility of British Airways but will offer no compensation.
My account is locked and will not be unblocked unless I create a new email (back to step one).
At the end of the day, British Airways have supplied a stranger with my travel plans and home address informing them when I am not in the house and indeed will not be in the future (if any of my bookings hold). They have accepted responsibility, found the cause but can not remove the alias email.
Am I going slightly mad here?
Thanks all!
Oct 28, 2020, 12:03 pm
#2
Moderator: British Airways Executive Club
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
I would start by reporting it to the Information Commissioner's Office. Mistakes happen but BA's failure to remedy it within a reasonable timeframe is unacceptable.
Oct 28, 2020, 12:08 pm
#4
Join Date: Feb 2014
Location: ±38,000 feet
Programs: LH HON, BA GGL, AF Plat, EK Plat
Posts: 6,428
This to me sounds like a potential data breach and you should proceed by sneding a email/letter to BA DATA comptroller/data protection officer and also inform ICO. That should get the ball rolling
Oct 28, 2020, 12:09 pm
#5
Suspended
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
But,t hat's not going to get the account unlocked in any reasonable timeframe and, in fact, may simply cause BA to issue a profuse apology but to require a new email and password.
I would respond to the "audit specialist" noting that your account was not "hacked" but rather that BA has chosen to send emails to a third-party without your authority. Accordingly, changing your email and password will have no effect. Repeat the specific request that BA remove the offending email and then unlock the account.
I would expect BA to ask that you provide some form of identification in order to assure that it is not the third-party but you who is inappropriately receiving data.
I would respond to the "audit specialist" noting that your account was not "hacked" but rather that BA has chosen to send emails to a third-party without your authority. Accordingly, changing your email and password will have no effect. Repeat the specific request that BA remove the offending email and then unlock the account.
I would expect BA to ask that you provide some form of identification in order to assure that it is not the third-party but you who is inappropriately receiving data.
Oct 28, 2020, 12:13 pm
#6
Join Date: Oct 2013
Programs: BA Gold, VS Gold, IHG Platinum, Hilton Gold, Hertz Presidents Circle.
Posts: 1,447
Oct 28, 2020, 12:59 pm
#7
Original Poster
Join Date: Apr 2018
Location: London
Programs: Gold at BA, Hilton and Radisson.
Posts: 591
Thank you everybody for your help here.
Going to the ICO website suggests my first step is a formal complaint to British Airways. It appears the email is [email protected] . Once done, and response received a complaint through the ICO seems more apparent.
I shall do that tonight, and indeed reach back to the auditor expressing concern about the remedy and indeed ask for the removal of the incorrect email. Hopefully he will not want me to actually create a new email account with another provider (!).
No point pursuing Customer Relations just yet, is there? Telling me it is fixed when it wasn't, coupled with the auditors approach has me a tad mad!
Thanks all again.
Going to the ICO website suggests my first step is a formal complaint to British Airways. It appears the email is [email protected] . Once done, and response received a complaint through the ICO seems more apparent.
I shall do that tonight, and indeed reach back to the auditor expressing concern about the remedy and indeed ask for the removal of the incorrect email. Hopefully he will not want me to actually create a new email account with another provider (!).
No point pursuing Customer Relations just yet, is there? Telling me it is fixed when it wasn't, coupled with the auditors approach has me a tad mad!
Thanks all again.
Oct 28, 2020, 1:42 pm
#8
Join Date: Jan 2014
Programs: GGL
Posts: 490
You will do if you allow yourself to be egged on by the advice offered so far.
Do you have a second email address? Use that to get you account unlocked. Persist until you have the third party's email address disassociated from your account. Move on.
Have you suffered injury? Life is too short.
Do you have a second email address? Use that to get you account unlocked. Persist until you have the third party's email address disassociated from your account. Move on.
Have you suffered injury? Life is too short.
Oct 28, 2020, 1:53 pm
#9
Join Date: Apr 2017
Programs: BA Silver
Posts: 1,387
You will do if you allow yourself to be egged on by the advice offered so far.
Do you have a second email address? Use that to get you account unlocked. Persist until you have the third party's email address disassociated from your account. Move on.
Have you suffered injury? Life is too short.
Do you have a second email address? Use that to get you account unlocked. Persist until you have the third party's email address disassociated from your account. Move on.
Have you suffered injury? Life is too short.
Oct 28, 2020, 1:53 pm
#10
Join Date: Feb 2014
Programs: Amex Plat, Hilton Diamond, SPG Gold, Carlson Gold, CM Presidential / *A Gold, Hertz 5*
Posts: 1,648
If they have locked your account, how can you change your email address on it?
if you use gmail, then you can “change” your email address while still receiving emails to the exact same account:
[email protected] = [email protected] = [email protected] etc
you can also add in a + in your email gmail address, which somewhat accomplishes the same thing:
[email protected] = [email protected] etc
In theory, you should use a completely separate email address for every single account/website you have/access - but few would actually do this
if you use gmail, then you can “change” your email address while still receiving emails to the exact same account:
[email protected] = [email protected] = [email protected] etc
you can also add in a + in your email gmail address, which somewhat accomplishes the same thing:
[email protected] = [email protected] etc
In theory, you should use a completely separate email address for every single account/website you have/access - but few would actually do this
Oct 28, 2020, 2:08 pm
#12
Join Date: Jan 2006
Location: Kendal, Cumbria and Luzon
Programs: BA Silver, PR Elite, Avis Preferred Plus, PC Diamond Ambassador
Posts: 1,120
You will do if you allow yourself to be egged on by the advice offered so far.
Do you have a second email address? Use that to get you account unlocked. Persist until you have the third party's email address disassociated from your account. Move on.
Have you suffered injury? Life is too short.
Do you have a second email address? Use that to get you account unlocked. Persist until you have the third party's email address disassociated from your account. Move on.
Have you suffered injury? Life is too short.
Similar scenario a few years ago with BA and it would have been easier to open a new account.. Inter-departmental blame game..
Had similar propblems with The Home Office and ICO backed their failure to respoind - 2 years later HO admitted they were wrong.
Manoeuvre around and Move On...
Scares borne
Oct 28, 2020, 2:27 pm
#13
Original Poster
Join Date: Apr 2018
Location: London
Programs: Gold at BA, Hilton and Radisson.
Posts: 591
Yes.
Time wasted dealing with BA’s unacceptable incompetence at processing data.
Stress caused by a stranger contacting me out of the blew quipping how was Belfast.
Anxiety caused by the sheer fact a complete stranger knows my travel plans for the next twelve months, which, coupled with my home address isn’t great?
“Can I know when you plan to be out of the house, and for how long over the next year?”. That answer is exactly what BA have handed this stranger.
I agree I need to move on, but I’ll only do so when strangers stop receiving my personal information.
Oct 28, 2020, 2:29 pm
#14
Original Poster
Join Date: Apr 2018
Location: London
Programs: Gold at BA, Hilton and Radisson.
Posts: 591
Thank you 😊
Oct 28, 2020, 2:47 pm
#15
Join Date: Feb 2009
Location: YYC
Programs: BA bronze, Aeroplan peon
Posts: 4,744
The solution is that BA needs to remove the erroneous alias address and all will be well.