RR account hacked and SW has been unresponsive
 

I have been A-List for 5 years and my RR account was recently hacked. Someone went in, changed the email (I received no notifications to my email on file) and booked 3 reservations over 2 days, wiping out 184k points. The flights were taken same and next day by random people.... I see the confirms and SW sent me the receipts. I reported to SW last Sunday and have spoken to 3 different people. They just say that the fraud team will look into. They are not giving me assurances that my points will be restored or that they intend to find out who did this and go after. I am happy to engage a lawyer and press charges against the person - it's theft.

The last thread on this was in 2011 and the person had the same thing happen, but the flights were not taken, in my case, the seats were used. Look forward to any guidance.

So people have picture IDs with your name on it and recently cleared security at separate portals? That's one messed up scheme.

I suspect you'll get your points back. But more ominous issues remain.

Uh... it's quite easy to book tickets in other people's names with RR points. I don't think OP has this particular issue to worry about.

I don't consider that a prized asset. The liabilities are boundless.

First off, I hope SW makes you whole.

At the same time, I find this an interesting situation. Most think SW (or any other airline) should eat the loss and reimburse the points. But, you have to ask - why?

Did SW fail?
Where or how did the thief find a way into the system and book the tickets?
Could the account have been left open somewhere such as a public computer, or logged in via a hacked wifi site?
Was the password easy to crack?
Was it an inside job?

It's one of the best features of the program. My wife can book tickets in my name. I can book them in her name. We can cancel and get all points refunded. It's a great system.

What do you mean by "recently"?

I would expect WN to investigate and assure itself that you were neither affirmatively involved nor made your account available to anyone. In particular someone will have paid the 9/11 Security Fee and that is hopefully trackable.

Can't you do this in pretty much every frequent flyer program?

Let's say OP needed to book a flight for the stolen miles can WN just book OP with no fees? WN could sue the hacker for all fees and damages

Actually, there was a discussion about points stolen in Oct. 2018: https://www.flyertalk.com/forum/sout...ts-stolen.html . ( 'Points Stolen' is a link to the thread )

As I stated in that thread, I don't understand why Southwest is obligated to reinstate the points.In the previous situation the person did get their points back.

That is likely a fruitless exercise. Much easier and cheaper for WN to investigate and assure itself that OP is not complicit or negligent and then reinstate the missing points if he is not. While there is some cost to WN, it is not a cash hit to its bottom line and the percentage of points which go unused overall is significant. Thus, restoring them is a fairly standard approach.

OP, please update us as to the outcome of this hacking. I certainly hope you get the points back.

WN isn't obligated to restore the points -- the terms of the RR program specifically state that they have no responsibility.

Generally, however, they often do. Once they can prove that the member was actually a victim of fraud. Information regarding the investigation is, for obvious reasons, not released to the customer.

Southwest would do well to increase it's account security measures -- many options are available. But since there's a cost involved, and since Southwest ultimately isn't responsible for stolen points, there's no strong motivation for them to do so.

Good catch. Somebody had to pay the $5.60. There are a few ways to pay this without revealing who you are.

1 - If they logged into the RR account, they can just use the credit card on file. That is what I do with all of our award tickets, and companion.

2 - They could use a legit debit/prepaid credit card that has no name tied to it.

3 - They could use a stolen credit card.

4 - They could use a SW gift card that has no name tied to it - other than other bookings if SW wanted to dig deeper.