Mileage Program Cyber Attack Could Be Inside Job

Hacker in the action on his laptop computer

Airline confirms at least 20 accounts hacked, stealing over $20,000 in miles.

Air India is the latest airline to be targeted by frequent flyer mile-stealing hackers, as at least 20 flyers had their accounts drained. The Times of India reports the hackers accessed the accounts illegally to swipe the miles, valued at around $23,475.

According to a report obtained by the newspaper, the airline believes the perpetrator understood the steps in the Flying Returns membership process and used their knowledge to subvert the system. As a result, the 20 accounts of a reported 190,000 were attacked, with miles stolen from each. Police are unsure whether there are more victims, or if the 20 accounts represent the full expanse of the attack.

Police in Delhi are investigating the situation and are focusing on those who flew on the carrier with the stolen miles. The Times of India claims one of the leads revolves around on a flyer who boarded Air India Flight 849 on June 10. Police have contacted him to find out where he booked his ticket. The information could lead police to one or more suspects, who are believed to have inside knowledge of the carrier.

“Apart from the computer hacker, we suspect the role of a present or a former employee who may be aware of the intricacies and loopholes in the system,” a senior police officer told the Times of India. “We have asked the airline to supply us a list of employees who have quit the company recently.”

The frequent flyer account hacks are the latest attacks made against carriers for frequent flyer miles. In 2015, American Airlines, Hyatt Hotels and United Airlines each faced a cyber attack, with some flyers losing frequent flyer miles out of their accounts.

[Photo: Getty]