I appreciate your efforts to help.
1. I was able to access my account using my id and password when I discovered the mileage redemption. So obviously email id and password were not changed by the fantom hacker. Means I should have received the notification for the fraudulent activity. Also immediately after I had logged in to check the account I did receive a notification regarding that from Jet.
I am not technically advanced just plain Structural Enginner able to put 2 and 2 together

2. Local office term is Jet representative's , not sure what she meant

3. Passwords etc were changed immediately after. Would not much good if lax security