Le Chic Geek
Related Articles
Usually I like being in an exclusive group of people. But this–I could have let pass. 7,700 US Airways Dividend Miles Accounts were compromised out of 30,000,000 due to a security breach on US Airways’ part. Guess who was one of those?
I suddenly needed to leave town for a wake last week and used my US Airways miles to get there. It was prohibitively expensive otherwise. But my timing was great, because I would not have been able to book my flight just a little later–but the rest of that is a story for another time.
I went to log into my account the next day and couldn’t log in. I log into my US Airways account every day (yes, I’m obsessive). I wouldn’t have forgotten my password, but just in case–I went to reset it.
I filled out my security questions and none of them worked–odd. I’m pretty sure I know my parents’ birth locations and the name of my first dog. I tweeted asking if anyone else had problems logging into their US Airways account, and I received a ton of tweets back with the link to that story, asking me if I had been affected.
Uh-oh.
I called the US Airways Chairman line and they wouldn’t speak to me about anything. They telling me that for my safety, I’ve been mailed a letter that contains a code. I need to use this code to verify I am who I said I am. And it should be in my mailbox already.
I explained I’m on the road now and I need to change some things with my flight now. The agent said, “Oh yeah, you’re a Chairman. You would be on the road.”
After a while, the phone agent involved her supervisor. They finally decided that since my cell phone was on my account since its inception, it is safe to call me on that.
After they called me back, they deleted my entire online account and created a new one for me. I offhandedly commented about how this will be strange for me–I logged into that account everyday–and got silence in return. Oh yeah, not everyone is obsessed with their mileage account.
She confirmed to me that miles lost were returned, so I started asking more questions about what happened. She quickly interrupted and said I would learn everything in the letter and I would have to wait for that.
The way they were talking, it sounded like I had the letter in the mail already. When I got back home I checked the mailbox–no letter.
The next day–no letter.
I waited and waited, and I finally received the letter seven days later. Imagine if I didn’t have my cell phone attached to my account from its inception–I would had to have waited seven days before I could access my miles, book award trips, and well, stare at my mileage balance while sighing happily.
I checked the letter for a date. There was none on it. And there was no postmark on the letter because they sent it bulk mail.
I rarely go seven days without flying, but US Airways was not in a rush to help me get back into the sky.
In the letter I learned the following had been compromised:
- Username
- Password
- Name
- Address
- Security Question Answers
- Date of Birth
- Known Traveler Number
- Last Four Digits of my credit cards
Having my email and security questions compromised makes me really nervous. I know off the top of my head what all my passwords are to all of my accounts. If any are similar, I’ve changed them.
But with security questions–I have no idea what answers I’ve given to accounts. And I learned the hard way that all someone needs is your email and answers to your security questions to reset your password to some websites. My wedding website had been giving away my security questions to my Macy’s account, which is a common “hack”. (I don’t actually consider these people hackers, but I’ll let that go for now.)
So there you have it. New username, new accounts. I tried to choose new security answers, but so many of them are hard to answer.
US Airways gave me a year of free life lock, but I’ve already written up my distrust of life lock.
Do you think a week is too long to go with no information when your account is compromised by the company’s security breach?
I have been obsessively checking our accounts since I heard about the security breach a couple of weeks ago. I, too, would be quite upset of it were compromised. In fact, I think I am going to be doing some password changes today. Under the circumstances, however,I think US did all they could do for you. Your miles were reinstated with a new account number and, worthless or not, they made an offer of credit monitoring.. Maybe at this point you should get that credit card replaced by the issuer. Sorry this happened to you.
Yes, I’m happy with what I got. I’m thinking about a non-elite whose account stops working, has recently changed their phone number on the account, and can’t be told anything until they receive this letter in the mail–that would be awful to wait for!
Then again, I guess the average user doesn’t check their account as much as I do 😉
Can you answer your security questions from someone else’s perspective instead? For instance, a parent, sibling, significant other, or best friend? I’ve never owned a dog, but I’ve heard so much about a certain one who lived and passed pre-internet/Facebook that he’s the answer to some of my questions. I know mother’s maiden name isn’t very safe anymore since people have photos with Grandma Smith or mothers who have Facebook accounts with both their maiden names and married names.
My parent’s birth places aren’t actually their birthplaces, but places I would laugh if they were born in (just because of their personalities). I made this change to most my security questions after the wedding website compromised most my info, but now some (and I don’t know which!) of my fake answers were released.
And my first dog is a dog no one knows the name of. They think my second dog was my first dog because that’s when the internet started so he became “real” 😉
But I think your idea is a REALLY good one.
The biggest crime here was that they sent the letters bulk mail instead of first class. Bulk mail can take weeks.
Also instead of life lock they should have given you miles to make up for the problem. I’m just sayin,
This post made me check my account right away!
Keri’s Dad, here. We got LifeLock a year ago… and while that would’t have prevented this… I feel much better having it. You probably already have it, come to think about it.