Usually I like being in an exclusive group of people. But this–I could have let pass. 7,700 US Airways Dividend Miles Accounts were compromised out of 30,000,000 due to a security breach on US Airways’ part. Guess who was one of those?
I suddenly needed to leave town for a wake last week and used my US Airways miles to get there. It was prohibitively expensive otherwise. But my timing was great, because I would not have been able to book my flight just a little later–but the rest of that is a story for another time.
I went to log into my account the next day and couldn’t log in. I log into my US Airways account every day (yes, I’m obsessive). I wouldn’t have forgotten my password, but just in case–I went to reset it.
I filled out my security questions and none of them worked–odd. I’m pretty sure I know my parents’ birth locations and the name of my first dog. I tweeted asking if anyone else had problems logging into their US Airways account, and I received a ton of tweets back with the link to that story, asking me if I had been affected.
I called the US Airways Chairman line and they wouldn’t speak to me about anything. They telling me that for my safety, I’ve been mailed a letter that contains a code. I need to use this code to verify I am who I said I am. And it should be in my mailbox already.
I explained I’m on the road now and I need to change some things with my flight now. The agent said, “Oh yeah, you’re a Chairman. You would be on the road.”
After a while, the phone agent involved her supervisor. They finally decided that since my cell phone was on my account since its inception, it is safe to call me on that.
After they called me back, they deleted my entire online account and created a new one for me. I offhandedly commented about how this will be strange for me–I logged into that account everyday–and got silence in return. Oh yeah, not everyone is obsessed with their mileage account.
She confirmed to me that miles lost were returned, so I started asking more questions about what happened. She quickly interrupted and said I would learn everything in the letter and I would have to wait for that.
The way they were talking, it sounded like I had the letter in the mail already. When I got back home I checked the mailbox–no letter.
The next day–no letter.
I waited and waited, and I finally received the letter seven days later. Imagine if I didn’t have my cell phone attached to my account from its inception–I would had to have waited seven days before I could access my miles, book award trips, and well, stare at my mileage balance while sighing happily.
I checked the letter for a date. There was none on it. And there was no postmark on the letter because they sent it bulk mail.
I rarely go seven days without flying, but US Airways was not in a rush to help me get back into the sky.
In the letter I learned the following had been compromised:
- Security Question Answers
- Date of Birth
- Known Traveler Number
- Last Four Digits of my credit cards
Having my email and security questions compromised makes me really nervous. I know off the top of my head what all my passwords are to all of my accounts. If any are similar, I’ve changed them.
But with security questions–I have no idea what answers I’ve given to accounts. And I learned the hard way that all someone needs is your email and answers to your security questions to reset your password to some websites. My wedding website had been giving away my security questions to my Macy’s account, which is a common “hack”. (I don’t actually consider these people hackers, but I’ll let that go for now.)
So there you have it. New username, new accounts. I tried to choose new security answers, but so many of them are hard to answer.
US Airways gave me a year of free life lock, but I’ve already written up my distrust of life lock.
Do you think a week is too long to go with no information when your account is compromised by the company’s security breach?