Jan 13, 2015, 9:39 pm
Last edit by: JDiver
Signed in members with 90 days / 90 posts can edit this Wikipost; wiki contents may be printed by using the 
(lower right wiki corner)
Note: you are entitled to get a free credit from each Credit Reporting Agency(Equifax, Experian and TransUnion) report every twelve months without cause, and again for cause. You can request your credit reports from this (only) service set up by the CRAs here: https://www.annualcreditreport.com/index.action. This is the only sanctioned site; others will try to sell you products.
(lower right wiki corner)
United Airlines and American Airlines have confirmed that cyber criminals, using stolen usernames and passwords, accessed frequent flyer accounts in December 2014. Once the thieves fraudulently obtained access to these accounts, miles were transferred, used to book trips and even redeemed for upgrades.
According to American spokeswoman Martha Thomas, as reported by AP, nearly 10,000 AAdvantage accounts may have been compromised Thomas said the airline has frozen some accounts while it works with customers to set up new AAdvantage memberships. Thomas also confirmed that mileage bandits were able to obtain free travel and upgrades without the members’ knowledge or consent in at least two instances.
...
Both airlines insist that their computer networks were not compromised. It appears the thieves obtained username and password information from another company’s site. The thieves were able to use this information to access individual accounts only in cases where the username and password matched the exact login credentials of the hacked site. To prevent this kind of incident from occurring again, United is now requiring MileagePlus members to enter their account number when logging in.
Jeff Edwards, 12 Jan 2015, FlyerTalk.. Copyright © 2015 Flyertalk.com.
Link.
According to American spokeswoman Martha Thomas, as reported by AP, nearly 10,000 AAdvantage accounts may have been compromised Thomas said the airline has frozen some accounts while it works with customers to set up new AAdvantage memberships. Thomas also confirmed that mileage bandits were able to obtain free travel and upgrades without the members’ knowledge or consent in at least two instances.
...
Both airlines insist that their computer networks were not compromised. It appears the thieves obtained username and password information from another company’s site. The thieves were able to use this information to access individual accounts only in cases where the username and password matched the exact login credentials of the hacked site. To prevent this kind of incident from occurring again, United is now requiring MileagePlus members to enter their account number when logging in.
Jeff Edwards, 12 Jan 2015, FlyerTalk.. Copyright © 2015 Flyertalk.com.
Link.
Thomas said that American would pay for a credit-watch service for one year for affected customers. (See below e-mail; one year Experian credit monitoring.)
Both were quick to say that nobody hacked their systems — that thieves got usernames and passwords somewhere else and tried to use them to log into American’s AAdvantage and United’s MileagePlus, hoping that the login information would be the same. They said that other information such as entire credit-card numbers was not exposed.
The representatives said they did not know how thieves acquired the usernames and passwords. Thomas said American had referred the matter to the FBI.
In Part, from AP via Dallas Morning News: Link
Both were quick to say that nobody hacked their systems — that thieves got usernames and passwords somewhere else and tried to use them to log into American’s AAdvantage and United’s MileagePlus, hoping that the login information would be the same. They said that other information such as entire credit-card numbers was not exposed.
The representatives said they did not know how thieves acquired the usernames and passwords. Thomas said American had referred the matter to the FBI.
In Part, from AP via Dallas Morning News: Link
Just received the following email. I assume everyone affected will receive it. There are 2 attachments. 1) How to enroll in Experian, 2) generic information about steps to protect yourself against fraud and identity theft.
"Hello____,
We are writing to inform you about an incident involving unauthorized access to your online AAdvantage® account. An unauthorized third party recently used email addresses and passwords obtained from sources other than American Airlines to log into certain accounts, including yours. This could have resulted in access to the information that you see when you log in to your account, such as your name, email address, phone number, postal address, date of birth, the last four digits of your credit or debit card and its expiration date, your AAdvantage number, and information about the miles, mileage activity, the points that you have accrued, and the last four digits of passport numbers. In a small number of cases, known‑traveler IDs and redress numbers, as well as the last four digits of U.S. resident card numbers, also may have been compromised. Based on our review, the unauthorized access occurred on or about December 30, 2014.
Importantly, the affected accounts do not contain Social Security numbers or full credit or debit card numbers. We are in the process of working with U.S. federal law enforcement and are continuing to investigate the incident.
For your security, we have created a new AAdvantage account for you and a new AAdvantage number. We are in the process of transferring all of the miles from your old account to your new account. Once that merge is complete, your new number is emailed to you. You can use that new account number to log in to your account on aa.com. You will need to create a new password at that time, which you can do by clicking the "Forgot your password" link below the field where you would enter a password. You should not use the password you previously used for your AAdvantage account. Also, you should not use a password that you use for other online accounts.
Additionally, we have contracted with Experian to provide you a free one‑year membership in Experian's credit monitoring program. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on identification and resolution of identity theft. You may sign up for this service by following the instructions included in Attachment A. You will be able to access this offer at no cost until April 30, 2015.
Any unauthorized transfers of miles will be credited to your account. Nonetheless, we recommend that you carefully review your statements, account activity, and credit reports to help protect the security of your accounts. Attachment B contains more information about steps you can take to protect yourself against fraud and identity theft.
We apologize for any inconvenience this may have caused you. American Airlines takes information security very seriously and will continue to work to ensure that appropriate measures are taken to protect the personally identifiable information we maintain.
If you have further questions, please contact AAdvantage® Customer Service.
After business hours, please contact aa.com Web Services.
Regards,
Steven D. Leist
Chief Privacy Officer
Vice President – Technology Infrastructure
"Hello____,
We are writing to inform you about an incident involving unauthorized access to your online AAdvantage® account. An unauthorized third party recently used email addresses and passwords obtained from sources other than American Airlines to log into certain accounts, including yours. This could have resulted in access to the information that you see when you log in to your account, such as your name, email address, phone number, postal address, date of birth, the last four digits of your credit or debit card and its expiration date, your AAdvantage number, and information about the miles, mileage activity, the points that you have accrued, and the last four digits of passport numbers. In a small number of cases, known‑traveler IDs and redress numbers, as well as the last four digits of U.S. resident card numbers, also may have been compromised. Based on our review, the unauthorized access occurred on or about December 30, 2014.
Importantly, the affected accounts do not contain Social Security numbers or full credit or debit card numbers. We are in the process of working with U.S. federal law enforcement and are continuing to investigate the incident.
For your security, we have created a new AAdvantage account for you and a new AAdvantage number. We are in the process of transferring all of the miles from your old account to your new account. Once that merge is complete, your new number is emailed to you. You can use that new account number to log in to your account on aa.com. You will need to create a new password at that time, which you can do by clicking the "Forgot your password" link below the field where you would enter a password. You should not use the password you previously used for your AAdvantage account. Also, you should not use a password that you use for other online accounts.
Additionally, we have contracted with Experian to provide you a free one‑year membership in Experian's credit monitoring program. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on identification and resolution of identity theft. You may sign up for this service by following the instructions included in Attachment A. You will be able to access this offer at no cost until April 30, 2015.
Any unauthorized transfers of miles will be credited to your account. Nonetheless, we recommend that you carefully review your statements, account activity, and credit reports to help protect the security of your accounts. Attachment B contains more information about steps you can take to protect yourself against fraud and identity theft.
We apologize for any inconvenience this may have caused you. American Airlines takes information security very seriously and will continue to work to ensure that appropriate measures are taken to protect the personally identifiable information we maintain.
If you have further questions, please contact AAdvantage® Customer Service.
After business hours, please contact aa.com Web Services.
Regards,
Steven D. Leist
Chief Privacy Officer
Vice President – Technology Infrastructure
AAdvantage account data / security breaches Dec 2014 (merged)
Mar 1, 2015, 3:15 pm
#211
Join Date: Nov 2009
Location: LAX
Programs: AAEXP, 1 MM
Posts: 25
AA ff# changed
recently my AA ff# was changed and was told some of the EXP# had been breached. Now that I have a totally new ff# (that I cannot remember) and recently at the TSA check in did not have my usual pre check , even though I had my Global entry number previously entered in my profile. when I got home I logged in only to find all my personal info was no longer there... Now I have reentered all the info. can anyone explain what happened, and will I continue to have the TSA expedited check in's
Mar 1, 2015, 5:13 pm
#212
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,393
This question seems to belong in Trusted Traveler, not TalkBoard Topics.
Mar 1, 2015, 7:21 pm
#214
Join Date: Jun 2014
Location: TPA
Programs: BA Silver; Hilton Gold; IHG Diamond Ambassador; Marriott Gold
Posts: 2,811
Yes, people have had their Aadvantage number recently changed due to a breach. See this thread for discussion.
Mar 6, 2015, 12:28 pm
#215
In Memoriam, FlyerTalk Evangelist
Join Date: Jun 2000
Location: Benicia CA
Programs: Alaska MVP Gold 75K, AA 3.8MM, UA 1.1MM, enjoying the retired life
Posts: 31,849
Miami man accused of stealing American Airlines customers' frequent flyer miles
Milad Avazdavani scammed more than $260,000 worth of miles from 6 customers, police say
Milad Avazdavani scammed more than $260,000 worth of miles from 6 customers, police say
Wonder if this is the reason some accounts were locked.
Sep 3, 2015, 9:25 pm
#216
Join Date: Apr 2005
Posts: 522
May 10, 2016, 1:42 am
#217
Join Date: Jan 2015
Location: LHR
Programs: AA
Posts: 773
Old thread I know, but: Has anyone successfully used your old AAdvantage number on a partner flight and had it credit successfully to AA?
I'm flying Finnair today and for reasons that are beyond me, my reservation will accept my old pre-breach AA number, but not my current one I've had for the last year and a half. I can't get through to customer service.
I'm wondering if my old number will still trigger in AA's systems. Anyone have any experience or informed speculation?
I'm flying Finnair today and for reasons that are beyond me, my reservation will accept my old pre-breach AA number, but not my current one I've had for the last year and a half. I can't get through to customer service.
I'm wondering if my old number will still trigger in AA's systems. Anyone have any experience or informed speculation?
May 10, 2016, 7:07 am
#218
Suspended
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Old thread I know, but: Has anyone successfully used your old AAdvantage number on a partner flight and had it credit successfully to AA?
I'm flying Finnair today and for reasons that are beyond me, my reservation will accept my old pre-breach AA number, but not my current one I've had for the last year and a half. I can't get through to customer service.
I'm wondering if my old number will still trigger in AA's systems. Anyone have any experience or informed speculation?
I'm flying Finnair today and for reasons that are beyond me, my reservation will accept my old pre-breach AA number, but not my current one I've had for the last year and a half. I can't get through to customer service.
I'm wondering if my old number will still trigger in AA's systems. Anyone have any experience or informed speculation?