UA investigating disclosure of prominent customer's flight info
#46
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,447
Once the backlash started - I have no doubt people were watching the UA upgrade list like a hawk (especially reporters) knowing he had no choice but to come back asap.
#47
Join Date: Aug 2010
Location: Morris County, NJ
Programs: UA 1K/*G, Avis Pres, Marriott Plat
Posts: 2,305
We are way off topic at this point but ... the service layer around SHARES may still have some HP-UX in it, but the core is still mainframe-based TPF.
And gosh I hope they have an exit plan for UX... less than 4 years until 11.31 goes end of support. Then, it's done.
But that's enough off-topic for me ;-)
#48
Join Date: Dec 2010
Location: TX
Programs: UA 1K
Posts: 729
Except it isn't - his name started to appear on a publicly available upgrade list. As soon as Cruz changed his flight - anyone could see he was on that flight - no source at United needed to tell anyone that - quite frankly, the travel blogger, in my opinion - is just puffing himself up by saying he had a UA source when he probably just saw it on the upgrade list.
There is of course a much more pertinent question which is should UA investigate and subsequently fire any employee who did leak private information to a blogger (or otherwise). To that the community seems split.
#49
Join Date: Feb 2005
Location: CLE, DCA, and 30k feet
Programs: Honors LT Diamond; United 1K; Hertz PC
Posts: 4,156
Others have highlighted the ways information could be unintentionally leaked in a specific case (calling with res information, etc) but what about premium services agents meeting passengers with big ol' "SMITH/JOHN - 1234 XXX" signs? What about the local Sharepoint sites with MIP passengers expected at that airport on that day? Both of those are condoned by management at some level.
#50
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
https://thehill.com/policy/transport...f-cruzs-cancun
I wonder how common such prominent disclosures are? UA seems generally very good about protecting customers' privacy.
As a UA employee for two years in the 1980s, opening the PNRs of celebrities without business need to do so was grounds for discipline.
I am no longer sure if the PNR history documents every agent who accessed a file, or merely those who modified it.
If someone with the PNR/record locator got onto their iPhone and connected indirectly via a VPN to access the PNR on UA's website, UA probably wouldn't be able to trace it to a UA employee. Even if the person doing so was a UA employee.
Doesn't UA still answer the phone to give people the record locator over the phone when the person gives the name and booked flight details (of route/flight number+date of travel)? It used to be rather routine for me to call up the airlines to get record locators for my booked flights because the record locator wasn't at hand but I would possibly need it later.
For the person whose travels prompted this thread, it seemed like no less than a dozen people knew of his travel plans even before he hit the road to get to the airport to catch the CUN flight. And he's not the most popular person in the neighborhood even among those whose kids play with his daughters.
It will be interesting to see if UA does anything additional to protect passenger privacy by making the standby/upgrade lists harder to monitor and be used for monitoring, deploys technology to restrict PNR access by the general public, gets in the game of training agents not to give out the record locators so easily or other measures to improve on the situation. Going after a UA employee for a leak won't do much if any good if that is all that UA does in response to this kind of situation ..... if it were even the case that a UA employee knowingly leaked the flight/ticket change history.
Continued into the 1990s and remained valid into the early 2000s too on the VA licenses I've seen. I was always surprised that we didn't get any airlines trying to use SSNs as the FFN although I once had a passport number in front of me that matched or almost matched the SSN and matched a FFN for some airline. And it wasn't even a mistake -- it was just a freakish coincidence.
Last edited by GUWonder; Feb 24, 2021 at 7:02 am
#51
Join Date: Feb 2005
Location: CLE, DCA, and 30k feet
Programs: Honors LT Diamond; United 1K; Hertz PC
Posts: 4,156
Did UA back then really document the PNR access history with the PNR itself? I thought that any such documenting back then for the PNR being examined would have been more likely conducted on the basis of monitoring of the client device used to communicate rather than the monitoring of the access to the data on the data-center side. If it even took place systematically.
The major airline reservation systems date from the big iron days where the client was essentially just a monitor and keyboard with no local processing capabilities so the auditing methods built in could only audit the mainframe/server/data center side of things. An agent accessing SHARES is really just running a terminal emulator. While there have been layers (Aero among many, many, many others) built on top of this and CUTE/CUSS have added more indirection and complications the server side is the only place an audit trail makes sense.
Depends... If the person accessing it was running the app and they had logged into the app with their credentials that would be fairly easy to track (particularly if the app is running in a privileged mode, e.g. UA employee) -- if the user was doing it from a web browser and had ever accessed UA.com there's a >0% chance that cookies or similar unique identifiers could connect the dot. Of course using something like Incognito mode mitigates that risk a bit but it's far from untraceable.
#52
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Yes-ish.
The major airline reservation systems date from the big iron days where the client was essentially just a monitor and keyboard with no local processing capabilities so the auditing methods built in could only audit the mainframe/server/data center side of things. An agent accessing SHARES is really just running a terminal emulator. While there have been layers (Aero among many, many, many others) built on top of this and CUTE/CUSS have added more indirection and complications the server side is the only place an audit trail makes sense.
Depends... If the person accessing it was running the app and they had logged into the app with their credentials that would be fairly easy to track (particularly if the app is running in a privileged mode, e.g. UA employee) -- if the user was doing it from a web browser and had ever accessed UA.com there's a >0% chance that cookies or similar unique identifiers could connect the dot. Of course using something like Incognito mode mitigates that risk a bit but it's far from untraceable.
#53
Join Date: Apr 2000
Location: Palm Beach/ New England
Programs: AA EXP 3MM, DL GM, Marriott Platinum
Posts: 4,382
They could keep the list but switch to using an identifier that's not a truncation of your name. When I was in college in the early 90s, professors would post grades on their office doors, anonymized by...Social Security #! Really. So maybe not that, but a 3-digit "Upgrade/Standby ID" could be displayed on your BP or in the app.
#54
Join Date: Jul 2002
Posts: 3,642
Not sure where UA PNR info is kept now, but many other airlines and UA itself have used the IBM zTPF operating system as the "core" system. In that environment, PNRs could be displayed and "ignored" without any tracking. If a PNR was modified in any way, a history item was added identifying who made the change.
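The gap described in this post (a display leaves no trace, only a modification adds a history item), together with the earlier point that the server side is the only sensible place for an audit trail, as an added example that is not part of the thread and not any airline's code: a minimal Python record store that logs reads as well as writes. All class, field, agent and station names are hypothetical, and the sample record is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class AuditEvent:
    when: datetime
    agent: str      # hypothetical agent sign-in identifier
    station: str    # hypothetical station code
    locator: str
    action: str     # "display" or "modify"


@dataclass
class RecordStore:
    """Toy server-side store: every access path goes through it and is logged."""
    records: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def _log(self, agent, station, locator, action):
        self.audit.append(
            AuditEvent(datetime.now(timezone.utc), agent, station, locator, action))

    def display(self, agent, station, locator):
        # The read is recorded before data is returned, so "display and ignore" leaves a trace.
        self._log(agent, station, locator, "display")
        return dict(self.records[locator])

    def modify(self, agent, station, locator, **changes):
        self._log(agent, station, locator, "modify")
        self.records[locator].update(changes)

    def visible_history(self, locator):
        """What a modification-only history would show."""
        return [e.agent for e in self.audit
                if e.locator == locator and e.action == "modify"]

    def view_only_agents(self, locator):
        """Agents who displayed the record but never changed it."""
        modifiers = set(self.visible_history(locator))
        viewers = {e.agent for e in self.audit
                   if e.locator == locator and e.action == "display"}
        return sorted(viewers - modifiers)


def demo():
    # Constructed sample data, not a real reservation.
    store = RecordStore(records={"ABC123": {"name": "SMITH/JOHN", "flight": "1234"}})
    store.display("agent_a", "XXX", "ABC123")
    store.modify("agent_a", "XXX", "ABC123", flight="5678")
    store.display("agent_b", "YYY", "ABC123")   # looked, changed nothing
    return store.visible_history("ABC123"), store.view_only_agents("ABC123")
```

`demo()` returns the modification-only history next to the list of agents who only viewed the record; the second list is the one a history keyed on changes cannot produce.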
#55
FlyerTalk Evangelist
Original Poster
Join Date: Mar 2002
Location: Saipan, MP 96950 USA (Commonwealth of the Northern Mariana Islands = the CNMI)
Programs: UA Silver, Hilton Silver. Life: UA .57 MM, United & Admirals Clubs (spousal), Marriott Platinum
Posts: 15,034
Did UA back then really document the PNR access history with the PNR itself? I thought that any such documenting back then for the PNR being examined would have been more likely conducted on the basis of monitoring of the client device used to communicate rather than the monitoring of the access to the data on the data-center side. If it even took place systematically.
Not sure where UA PNR info is kept now, but many other airlines and UA itself have used the IBM zTPF operating system as the "core" system. In that environment, PNRs could be displayed and "ignored" without any tracking. If a PNR was modified in any way, a history item was added identifying who made the change.
What I did not know, as a mere line employee, is whether management kept some additional records, not visible on the "normal" PNR history, about the station and agent sine of employees who merely accessed a PNR.
Last edited by SPN Lifer; Feb 24, 2021 at 2:38 pm
#56
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Prominent customers' flight info would be less likely to be as easily tracked by the questionably curious if passengers were more generally allowed to fly under a ticketed name other than their own. I'm not holding my breath waiting for UA to push for that kind of change, but that would provide some customers additional privacy and security from tracking.
#57
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,447
Prominent customers' flight info would be less likely to be as easily tracked by the questionably curious if passengers were more generally allowed to fly under a ticketed name other than their own. I'm not holding my breath waiting for UA to push for that kind of change, but that would provide some customers additional privacy and security from tracking.
#58
Join Date: Feb 2005
Location: CLE, DCA, and 30k feet
Programs: Honors LT Diamond; United 1K; Hertz PC
Posts: 4,156
This was possible back in the old days though, may I introduce you to Dan "D.B." Cooper?
#59
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
It would actually avoid a lot of chaos for passengers, including the chaos you've seen on your own trips.
Certainly. But for an international flight -- and that's what this trip was -- DHS would still get the loaded passport info anyway even with the name on the ticket and boarding pass being different than on the passport.
Assuming UA doesn't want to open the field to UA's ticketed customers again becoming UA's own competition for additional revenue from people seeking flight services on UA planes, I certainly expect that UA too would disagree with that implementation providing customers with additional privacy/security from questionable tracking.
Last edited by GUWonder; Feb 24, 2021 at 6:32 pm