UA investigating disclosure of prominent customer's flight info

Old Feb 23, 2021, 10:19 am
  #46  
 
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,447
Originally Posted by JimInOhio
Isn't it a little tough to conclude who a passenger is from the upgrade list? Very few showing as SMI/J are actually Jeff Smisek.
Once the backlash started - I have no doubt people were watching the UA upgrade list like a hawk (especially reporters) knowing he had no choice but to come back asap.
GUWonder and Miggles like this.
HNLbasedFlyer is offline  
Old Feb 23, 2021, 11:31 am
  #47  
 
Join Date: Aug 2010
Location: Morris County, NJ
Programs: UA 1K/*G, Avis Pres, Marriott Plat
Posts: 2,305
Originally Posted by nevansm
That's great, but I think SHARES runs on HPUX :-D
We are way off topic at this point but ... the service layer around SHARES may still have some HP-UX in it, but the core is still mainframe-based TPF.
And gosh I hope they have an exit plan for UX... less than 4 years until 11.31 goes end of support. Then, it's done.

But that's enough off-topic for me ;-)
dmurphynj is offline  
Old Feb 24, 2021, 6:15 am
  #48  
 
Join Date: Dec 2010
Location: TX
Programs: UA 1K
Posts: 729
Originally Posted by HNLbasedFlyer
Except it isn't - his name started to appear on a publicly available upgrade list. As soon as Cruz changed his flight - anyone could see he was on that flight - no source at United needed to tell anyone that - quite frankly, the travel blogger, in my opinion - is just puffing himself up by saying he had a UA source when he probably just saw it on the upgrade list.
If a blogger lied and there is, in fact, no existing United employee to punish, then yes... under that set of facts the (nonexistent) employee should not be fired.

There is of course a much more pertinent question which is should UA investigate and subsequently fire any employee who did leak private information to a blogger (or otherwise). To that the community seems split.
txaggiemiles is offline  
Old Feb 24, 2021, 6:31 am
  #49  
 
Join Date: Feb 2005
Location: CLE, DCA, and 30k feet
Programs: Honors LT Diamond; United 1K; Hertz PC
Posts: 4,156
Originally Posted by txaggiemiles
There is of course a much more pertinent question which is should UA investigate and subsequently fire any employee who did leak private information to a blogger (or otherwise). To that the community seems split.
Even I'm split. Investigate, yes, without a doubt. If that employee exists and is found, yes absolutely they should be punished. Fired is where I start to waffle -- without a doubt it's a massive violation of a customer's privacy but does it rise to a level where, absent any other misconduct in that employee's history, it warrants firing? I'm not so sure. It feels like it needs more than a slap on a wrist, but does it require a hanging on first offense?

Others have highlighted the ways information could be unintentionally leaked in a specific case (calling with res information, etc) but what about premium services agents meeting passengers with big ol' "SMITH/JOHN - 1234 XXX" signs? What about the local Sharepoint sites with MIP passengers expected at that airport on that day? Both of those are condoned by management at some level.
lincolnjkc is offline  
Old Feb 24, 2021, 6:46 am
  #50  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Originally Posted by SPN Lifer
https://thehill.com/policy/transport...f-cruzs-cancun

I wonder how common such prominent disclosures are? UA seems generally very good about protecting customers' privacy.

As a UA employee for two years in the 1980s, opening the PNRs of celebrities without business need to do so was grounds for discipline.

I am no longer sure if the PNR history documents every agent who accessed a file, or merely those who modified it.
Did UA back then really document the PNR access history with the PNR itself? I thought that any such documenting back then for the PNR being examined would have been more likely conducted on the basis of monitoring of the client device used to communicate rather than the monitoring of the access to the data on the data-center side. If it even took place systematically.

If someone with the PNR/record locator got onto their iPhone and connected indirectly via a VPN to access the PNR on UA's website, UA probably wouldn't be able to trace it to a UA employee. Even if the person doing so was a UA employee.

Doesn't UA still answer the phone to give people the record locator over the phone when the person gives the name and booked flight details (of route/flight number+date of travel)? It used to be rather routine for me to call up the airlines to get record locators for my booked flights because the record locator wasn't at hand but I would possibly need it later.

For the person whose travels prompted this thread, it seemed like no less than a dozen people knew of his travel plans even before he hit the road to get to the airport to catch the CUN flight. And he's not the most popular person in the neighborhood even among those whose kids play with his daughters.

It will be interesting to see if UA does anything additional to protect passenger privacy by making the standby/upgrade lists harder to monitor and be used for monitoring, deploys technology to restrict PNR access by the general public, gets in the game of training agents not to give out the record locators so easily or other measures to improve on the situation. Going after a UA employee for a leak won't do much if any good if that is all that UA does in response to this kind of situation ..... if it were even the case that a UA employee knowingly leaked the flight/ticket change history.

Originally Posted by drowelf
When I was a youngster in Virginia in the 70's and 80's your driver license number was your SSN. It changed sometime after I left the state.
Continued into the 1990s and remained valid into the early 2000s too on the VA licenses I've seen. I was always surprised that we didn't get any airlines trying to use SSNs as the FFN although I once had a passport number in front of me that matched or almost matched the SSN and matched a FFN for some airline. And it wasn't even a mistake -- it was just a freakish coincidence.
SPN Lifer likes this.

Last edited by GUWonder; Feb 24, 2021 at 7:02 am
GUWonder is offline  
Old Feb 24, 2021, 7:06 am
  #51  
 
Join Date: Feb 2005
Location: CLE, DCA, and 30k feet
Programs: Honors LT Diamond; United 1K; Hertz PC
Posts: 4,156
Originally Posted by GUWonder
Did UA back then really document the PNR access history with the PNR itself? I thought that any such documenting back then for the PNR being examined would have been more likely conducted on the basis of monitoring of the client device used to communicate rather than the monitoring of the access to the data on the data-center side. If it even took place systematically.
Yes-ish.

The major airline reservation systems date from the big iron days where the client was essentially just a monitor and keyboard with no local processing capabilities so the auditing methods built in could only audit the mainframe/server/data center side of things. An agent accessing SHARES is really just running a terminal emulator. While there have been layers (Aero among many, many, many others) built on top of this and CUTE/CUSS have added more indirection and complications the server side is the only place an audit trail makes sense.

Originally Posted by GUWonder
If someone with the PNR/record locator got onto their iPhone and connected indirectly via a VPN to access the PNR on UA's website, UA probably wouldn't be able to trace it to a UA employee. Even if the person doing so was a UA employee.
Depends... If the person accessing it was running the app and they had logged into the app with their credentials that would be fairly easy to track (particularly if the app is running in a privileged mode, e.g. UA employee) -- if the user was doing it from a web browser and had ever accessed UA.com there's a >0% chance that cookies or similar unique identifiers could connect the dots. Of course using something like Incognito mode mitigates that risk a bit but it's far from untraceable.
GUWonder and SPN Lifer like this.
lincolnjkc is offline  
Old Feb 24, 2021, 7:11 am
  #52  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Originally Posted by lincolnjkc
Yes-ish.

The major airline reservation systems date from the big iron days where the client was essentially just a monitor and keyboard with no local processing capabilities so the auditing methods built in could only audit the mainframe/server/data center side of things. An agent accessing SHARES is really just running a terminal emulator. While there have been layers (Aero among many, many, many others) built on top of this and CUTE/CUSS have added more indirection and complications the server side is the only place an audit trail makes sense.

Depends... If the person accessing it was running the app and they had logged into the app with their credentials that would be fairly easy to track (particularly if the app is running in a privileged mode, e.g. UA employee) -- if the user was doing it from a web browser and had ever accessed UA.com there's a >0% chance that cookies or similar unique identifiers could connect the dots. Of course using something like Incognito mode mitigates that risk a bit but it's far from untraceable.
Not via app. Phone apps may as well be considered spyware.
GUWonder is offline  
Old Feb 24, 2021, 9:31 am
  #53  
 
Join Date: Apr 2000
Location: Palm Beach/ New England
Programs: AA EXP 3MM, DL GM, Marriott Platinum
Posts: 4,382
Originally Posted by jmastron
They could keep the list but switch to using an identifier that's not a truncation of your name. When I was in college in the early 90s, professors would post grades on their office doors, anonymized by...Social Security #! Really. So maybe not that, but a 3-digit "Upgrade/Standby ID" could be displayed on your BP or in the app.
A large New England grocery store chain used the customer's SSN as its loyalty number in the 1980s and 1990s. You would often hear the checkout lady ask a shopper "What's your Social?" if the card wasn't presented. It's a little jarring to remember how widely Social Security numbers used to be publicized.
fastflyer is offline  
Old Feb 24, 2021, 2:06 pm
  #54  
 
Join Date: Jul 2002
Posts: 3,642
Not sure where UA PNR info is kept now, but many other airlines and UA itself have used the IBM zTPF operating system as the "core" system. In that environment, PNRs could be displayed and "ignored" without any tracking. If a PNR was modified in any way, a history item was added identifying who made the change.
xooz is offline  
Old Feb 24, 2021, 2:31 pm
  #55  
FlyerTalk Evangelist
Original Poster
 
Join Date: Mar 2002
Location: Saipan, MP 96950 USA (Commonwealth of the Northern Mariana Islands = the CNMI)
Programs: UA Silver, Hilton Silver. Life: UA .57 MM, United & Admirals Clubs (spousal), Marriott Platinum
Posts: 15,034
Originally Posted by SPN Lifer
As a UA employee for two years in the 1980s, opening the PNRs of celebrities without business need to do so was grounds for discipline.

I am no longer sure if the PNR history documents every agent who accessed a file, or merely those who modified it.
Originally Posted by GUWonder
Did UA back then really document the PNR access history with the PNR itself? I thought that any such documenting back then for the PNR being examined would have been more likely conducted on the basis of monitoring of the client device used to communicate rather than the monitoring of the access to the data on the data-center side. If it even took place systematically.
Originally Posted by xooz
Not sure where UA PNR info is kept now, but many other airlines and UA itself have used the IBM zTPF operating system as the "core" system. In that environment, PNRs could be displayed and "ignored" without any tracking. If a PNR was modified in any way, a history item was added identifying who made the change.
That is generally how I remember it in 1985-87. The two-character "agent sine" [I hated that spelling] and five-letter station code (e.g., SFORR, SFOCS, SFOTR) were entered into the PNR "history" only if a modification was made, and not if the "IR" ("Ignore Record") button were pressed — as was common in responding to travel agent queries.

What I did not know, as a mere line employee, is whether management kept some additional records, not visible on the "normal" PNR history, about the station and agent sine of employees who merely accessed a PNR.
GUWonder likes this.

Last edited by SPN Lifer; Feb 24, 2021 at 2:38 pm
SPN Lifer is offline  
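
The gap described in the posts above (a PNR history that records modifications but not a display followed by "Ignore Record"), together with the server-side audit trail discussed earlier in the thread, shown as an added example that is not part of any post and is not SHARES or TPF code. It is a hypothetical Python store that logs every display in a separate access log and lists agents who viewed a record without changing it; all class, method and field names are assumptions, and the sample PNR and agent sines are constructed.

```python
# Added illustration: a hypothetical model, not SHARES/TPF code.
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Pnr:
    data: dict
    history: list = field(default_factory=list)  # modifications only, as in the posts


class AuditedPnrStore:
    """Server-side store that logs every display, not just every change."""
    def __init__(self):
        self.pnrs = {}
        self.access_log = []  # kept apart from the PNR history

    def add(self, locator, data):
        self.pnrs[locator] = Pnr(dict(data))

    def _log(self, action, locator, sine, station):
        self.access_log.append({
            "ts": datetime.now(timezone.utc).isoformat(), "action": action,
            "locator": locator, "sine": sine, "station": station})

    def display(self, locator, sine, station):
        self._log("DISPLAY", locator, sine, station)  # logged even if then ignored
        return dict(self.pnrs[locator].data)

    def modify(self, locator, sine, station, **changes):
        self.pnrs[locator].data.update(changes)
        self.pnrs[locator].history.append((sine, station, sorted(changes)))
        self._log("MODIFY", locator, sine, station)

    def read_only_accessors(self, locator):
        """Agents (sine, station) who displayed the PNR but never modified it."""
        by_action = {"DISPLAY": set(), "MODIFY": set()}
        for e in self.access_log:
            if e["locator"] == locator:
                by_action[e["action"]].add((e["sine"], e["station"]))
        return sorted(by_action["DISPLAY"] - by_action["MODIFY"])


def demo():
    store = AuditedPnrStore()
    store.add("ABC123", {"name": "SMITH/JOHN", "flight": "1234"})  # constructed
    store.display("ABC123", "JD", "SFORR")  # display, then ignore
    store.display("ABC123", "KL", "SFOCS")
    store.modify("ABC123", "KL", "SFOCS", seat="12A")
    return store
```

The PNR history ends up naming only the agent who made a change, while the separate access log is what lets a reviewer see who merely looked.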
Old Feb 24, 2021, 5:54 pm
  #56  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Prominent customers' flight info would be less likely to be as easily tracked by the questionably curious if passengers were more generally allowed to fly under a ticketed name other than their own. I'm not holding my breath waiting for UA to push for that kind of change, but that would provide some customers additional privacy and security from tracking.
Spiff and txaggiemiles like this.
GUWonder is offline  
Old Feb 24, 2021, 6:02 pm
  #57  
 
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,447
Originally Posted by GUWonder
Prominent customers' flight info would be less likely to be as easily tracked by the questionably curious if passengers were more generally allowed to fly under a ticketed name other than their own. I'm not holding my breath waiting for UA to push for that kind of change, but that would provide some customers additional privacy and security from tracking.
I suspect homeland security would disagree with that implementation
SPN Lifer, lincolnjkc and st3 like this.
HNLbasedFlyer is offline  
Old Feb 24, 2021, 6:16 pm
  #58  
 
Join Date: Feb 2005
Location: CLE, DCA, and 30k feet
Programs: Honors LT Diamond; United 1K; Hertz PC
Posts: 4,156
Originally Posted by HNLbasedFlyer
I suspect homeland security would disagree with that implementation
And given the trouble I've had with TSA (fortunately only twice) getting uppity about my legal name/name on ID not matching the name on my boarding pass -- where the only difference is the BP is missing the "-" in my surname because airline res systems don't support a hyphen in the name field, so no matter how much I want it there it will never exactly match any ID I have, I can only imagine the chaos that would result if anyone could fly under any name...and things like the No Fly list would be (even more) useless (than it is already).

This was possible back in the old days though, may I introduce you to Dan "D.B." Cooper?
lincolnjkc is offline  
Old Feb 24, 2021, 6:21 pm
  #59  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
It would actually avoid a lot of chaos for passengers, including the chaos you've seen on your own trips.

Originally Posted by HNLbasedFlyer
I suspect homeland security would disagree with that implementation
Certainly. But for an international flight -- and that's what this trip was -- DHS would still get the loaded passport info anyway even with the name on the ticket and boarding pass being different than on the passport.

Assuming UA doesn't want to open the field to UA's ticketed customers again becoming UA's own competition for additional revenue from people seeking flight services on UA planes, I certainly expect that UA too would disagree with that implementation providing customers with additional privacy/security from questionable tracking.

Last edited by GUWonder; Feb 24, 2021 at 6:32 pm
GUWonder is offline  
Old Feb 24, 2021, 7:48 pm
  #60  
FlyerTalk Evangelist
 
Join Date: Mar 2012
Posts: 19,501
Originally Posted by SPN Lifer
The two-character "agent sine" [I hated that spelling.]
Seems tangential to the subject at hand.
kale73 is offline  

