Ticket maliciously cancelled LH refuse to reinstate
#16
Join Date: May 2014
Location: DMV
Posts: 2,092
LH has to verify who is doing what before they cancel - it is not the passengers burden to proof it was NOT them!
If LH claims she cancelled - THEY have to proof that!
She has a contract and a receipt for that and she paid for it....now it is on LH to provide the service....
If LH claims she cancelled - THEY have to proof that!
She has a contract and a receipt for that and she paid for it....now it is on LH to provide the service....
The booking code i.e. PNR locator is only shown on an encrypted webpage when you book and sent to the password-protected email you used for the booking. It's confidential, it's protected info. Amazon and most other retailers don't ask you for more than an email and password either to log in and buy stuff.
#17
Join Date: Jul 2013
Location: MRY - CNX - TXL
Programs: UA 1K / *G / Marriott PE / Expedia Gold+ / Hertz PC
Posts: 7,058
That's very strange, I would imagine that a hacker is in her email trying to get credit card, financial, SSN, PayPal, etc info.
Why go in and take the extra effort to cancel a flight? I wonder if it was someone who personally knew your friend and was taking it out on her.
Why go in and take the extra effort to cancel a flight? I wonder if it was someone who personally knew your friend and was taking it out on her.
#18
Join Date: Feb 2001
Location: Wesseling, NRW, Germany
Programs: UA *S , MR LT Titanium, HH Diamond, Hertz PC
Posts: 3,940
They have verified. "May I have your name?" "<says name>". "May I have your booking code?" "<says booking code>".
The booking code i.e. PNR locator is only shown on an encrypted webpage when you book and sent to the password-protected email you used for the booking. It's confidential, it's protected info. Amazon and most other retailers don't ask you for more than an email and password either to log in and buy stuff.
The booking code i.e. PNR locator is only shown on an encrypted webpage when you book and sent to the password-protected email you used for the booking. It's confidential, it's protected info. Amazon and most other retailers don't ask you for more than an email and password either to log in and buy stuff.
Greetings - Dirk
#19
Join Date: Jul 2013
Location: AMS/RTM
Posts: 2,827
I have always thought that the PNR/last name combination as a username/password was extremely weak, considering that it is sent in cleartext.
For example, our corporate TA blocks time in our calendars with the flight information, including the PNR. Every employee can see each other's calendar. So it would be trivial, for a prankster or a disgruntled colleague, to make a mess out of it.
I guess a sensible solution would be to allow small changes (seat selection, FQTV, OLCI) just with PNR and last name, and more substantial ones (rebooking or cancellation) with more information (birthdate or passport number).
For example, our corporate TA blocks time in our calendars with the flight information, including the PNR. Every employee can see each other's calendar. So it would be trivial, for a prankster or a disgruntled colleague, to make a mess out of it.
I guess a sensible solution would be to allow small changes (seat selection, FQTV, OLCI) just with PNR and last name, and more substantial ones (rebooking or cancellation) with more information (birthdate or passport number).
#20
Join Date: Sep 2013
Posts: 2,188
They have verified. "May I have your name?" "<says name>". "May I have your booking code?" "<says booking code>".
The booking code i.e. PNR locator is only shown on an encrypted webpage when you book and sent to the password-protected email you used for the booking. It's confidential, it's protected info. Amazon and most other retailers don't ask you for more than an email and password either to log in and buy stuff.
The booking code i.e. PNR locator is only shown on an encrypted webpage when you book and sent to the password-protected email you used for the booking. It's confidential, it's protected info. Amazon and most other retailers don't ask you for more than an email and password either to log in and buy stuff.
As long as the PNR-code is sent through normal, unencrypted eMail this just is nowhere near an secure transmission and prone to interception. Additionally you can just call the airline and actually ASK for the PNR when you have the approximate flight detail...done this more than once when I booked on a OTA that did not display the airline's confirmation code.
+1
#21
Join Date: May 2010
Programs: M&M FTL; BAEC Bronze
Posts: 1,043
It can be annoying when you always get adverts in Swedish when you are sitting in SE Asia, but if an IT system blocked the changing of tickets/reservations based on this then it would never work.
But I don't understand what a hacker would have to gain by cancelling a flight ticket electronically? Sounds more like somebody they know trying to make life awkward for them.
You could try the tactic of saying that the cancellation was not authorised so LH are to blame. Or you could see if travel insurance might help.
#22
FlyerTalk Evangelist
Original Poster
Join Date: Oct 2008
Posts: 11,569
From my checks I can see all you need is the PNR and the surname to cancel the ticket on Lufthansa.com so the proof needed is far less than a telephone conversation where perhaps some more personal details would be needed. However, I'd imagine with access to email the only benefit would be a voice capture of who cancelled it, particularly if it was male and in this case the pax is female.
I have contacted the LH lurker here to see if they can help because I have got nowhere with the call centre who keep telling us to email CR but a response/resolution before Saturday is slim to zero. I have also reached out the social media lot.
The issue is, LH445 on Saturday 1 Nov is busy and is showing full Y only as of now and she was booked in Q.
This is a good lesson for all to ensure that you keep your PNR secret. A few weeks ago, the hacker could have cancelled around 5 tickets causing even more havoc and thousands of dollars in change fees and fare differences given LH's policy.
I have contacted the LH lurker here to see if they can help because I have got nowhere with the call centre who keep telling us to email CR but a response/resolution before Saturday is slim to zero. I have also reached out the social media lot.
The issue is, LH445 on Saturday 1 Nov is busy and is showing full Y only as of now and she was booked in Q.
This is a good lesson for all to ensure that you keep your PNR secret. A few weeks ago, the hacker could have cancelled around 5 tickets causing even more havoc and thousands of dollars in change fees and fare differences given LH's policy.
#23
Join Date: Sep 2013
Posts: 2,188
Not even that. If you have the PNR and the name they do not even blink. I was never asked any questions when I called to make changes to the tickets of my mother in law, who travels often (for someone her age) but hates call centers.
#24
Join Date: Jul 2013
Location: MRY - CNX - TXL
Programs: UA 1K / *G / Marriott PE / Expedia Gold+ / Hertz PC
Posts: 7,058
Once a "frenemy" was tweeting to UA about missing a flight or something and instead of direct messaging them his confirmation # he posted it publicly. I wanted to change him to a middle seat. I also got a chuckle that he was in Y when he does all efforts to make it seem like he flies J/F on social media...but to the trained eye.
#25
Join Date: May 2014
Location: DMV
Posts: 2,092
As long as the PNR-code is sent through normal, unencrypted eMail this just is nowhere near an secure transmission and prone to interception. Additionally you can just call the airline and actually ASK for the PNR when you have the approximate flight detail...done this more than once when I booked on a OTA that did not display the airline's confirmation code.
Greetings - Dirk
Greetings - Dirk
#26
Original Member
Join Date: May 1998
Location: a proud member of FT since 05-05-1998
Programs: DL, AF and KL - UA - *G
Posts: 2,239
Just because it is industie standard does not mean that the proof of burden for a canceled reservation lies with the passenger - LH would have to proof it verified the person canceling is eligable and if they can not....THEY have a problem!
#27
FlyerTalk Evangelist
Original Poster
Join Date: Oct 2008
Posts: 11,569
Given the peculiarities of the small claims courts in England I feel it makes more sense to go down this route rather than pay another $1500 which one might not get back (Plus a throwaway return is a bit cheaper). The claim will only be half the amount and LH are less likely to defend. In the end, as she needs to fly back on the Saturday as originally booked there is nothing to lose by issuing a claim no matter of the chances of its success because these costs are going to be incurred regardless.
#28
Join Date: Aug 2005
Programs: UA*G(1K), PC Diamond Amb, Marriott Titanium, Accor Platinum
Posts: 4,670
Because the re-booking costs are a further $1500 she is unwilling to pay this supplement in addition to her re-booked ticket where she paid $250 extra to travel on a day with Q class availability. As its important she doesn't miss Monday and this is a leisure trip I am thinking to book her a flight on BA with some miles.
HTB.
#29
Original Member
Join Date: May 1998
Location: a proud member of FT since 05-05-1998
Programs: DL, AF and KL - UA - *G
Posts: 2,239
+1
If you can get a reasonable regular ticket I am sure it will be much easier to settle in court.
Please also make sure you get something in writing (mail) from LH that they refuse to reinstate the flights - as they might deny this when legal actions occur!
If you can get a reasonable regular ticket I am sure it will be much easier to settle in court.
Please also make sure you get something in writing (mail) from LH that they refuse to reinstate the flights - as they might deny this when legal actions occur!
#30
FlyerTalk Evangelist
Join Date: Sep 2005
Location: Capetown
Programs: Marriott Lifetime Plat, IHG and Hilton Diamond, LH SEN, BA Gold
Posts: 10,167
The "worst" thing that can happen without a "something in writing" is that they accept the claim upon receipt of the service and the OP has the swollow their small statutory lawyers fees which might even not occur because LH sometimes represents itself without external counsel in the small claims court (Amtsgericht). This would however be better than any settlement in court you propose.