It has been a rough week for frequent flyers and most of them were on the ground. Compromised data at American, United, and Delta Air Lines leaves flyers wondering what’s next?
If you are considering booking travel or signing up for a new credit card please click here. Both support LiveAndLetsFly.com.
If you haven’t followed us on Facebook or Instagram, add us today.
Data Breaches Everywhere
Frequent flyer customers of just about every airline had a rough week. Atlanta-based SITA passenger service system compromised the data of frequent flyer members in most major US carriers and several abroad. Oneworld members Malaysia Airlines, Finnair, Japan Airlines join American Airlines in the breach that affected the global airline industry including passenger travel planning and booking.
Star Alliance sent messages out with its own message to frequent flyers as many member airlines were affected. In fact, 90% of the industry was part of the database. A spokesman for the company and SITA’s Geneva-based parent company advised that flight cabin and cockpit operations were available in the breach however account passwords were not thought to be compromised.
The company handles itinerary, airport operations and security, baggage, aircraft connectivity, and booking airport operations.
February 1st
It’s an interesting coincidence that February 1st is National Change Your Password Day. In this instance, it wouldn’t have saved any of us because the breach happened before then, but it’s another great reminder that your password is probably out-of-date and you should change it.
If you haven’t changed your passwords in a while, it’s probably time to do so and treat this like a mandate instead of an idea.
What Should You Do?
When it comes to compromised data, airlines are at the mercy of their contractors. And so are we all, though far more unwittingly. Passengers don’t really know what companies do with their data and that can and should stop. In the same breath that we hold companies accountable for their other behaviors, we need more than a shrug of the shoulders.
When you give your personal information to Delta there’s a reasonable expectation that it’s Delta that will hold on to it, manage it and use it. Sure, maybe they will sell your email to 1-800-FLOWERS or partner with a wine club but most don’t have an impression that Delta is sharing their information with a bunch of companies that you’ve never heard of.
Companies with data breaches have a standard protocol at this point: make a statement, offer identity protection, tell customers how the data breach didn’t affect their extremely sensitive data, wait for a lawsuit, settle out of court whereby affected parties receive next to nothing for their trouble and risk.
How is it that one company controls 90% of the market anyway? Where’s the competition and where are the European market overlords to break up the monopoly?
Maybe we all need to make it clearer that this is unacceptable. We’ve seen the strength of banding together for change recently and this might be an area where we write our congresspeople to get a law that makes it clear where our data goes and holds parties responsible when it’s mismanaged.
Conclusion
I, like many of our readership no doubt, am tired of an apology email to state that yet again my personal information has been mismanaged by a company I trusted, who gave my information to a company I implicitly did not. I’m also annoyed by the personal risk and hassle incumbent on me, the customer, for a company’s mistake.
If you’re reading this blog, there’s an extremely high likelihood some element of your personal data and frequent flyer information (including frequent flyer name and membership number) is being sold around the world at the moment. Change your password, write your congressman, and let travel providers know this is entirely unacceptable.
What do you think? Were you affected by the breach? How many times? What do you intend to do about it?
I have been slowly removing accounts online reducing my “footprint” as much as I can realizing that once your online the genie is out of the box. with that said this will continue to be an ongoing issue in our lives the sad part is t hat the majority of these hackers are state sponsored in one form or another. Through my company I do have some “industrial strength” security applications but even those don’t catch everything . My Apple Calendar got spammed yesterday!
Travel wisely
As usual there is no consequence or penalty. Consumer data is basically without protection in most of the world (except the EU and UK). By providing your data online you relinquish all control and there seems to be very little accountability. No wonder in a country like the US where you can’t even stop your bank or card issuer from sharing your information for marketing purposes!!
There need to be some class action lawsuits in the US where a company has to pay billions for not securing customer data properly. Maybe that will change the way corporations safeguard our data.
And I hope America wakes up to the idea that “freedom” does not mean that companies can do whatever they want with your data.
Do you have any source of information indicating that Delta was included in this breach? Every article I see at other media outlets indicates that it was only Star Alliance and Oneworld airlines that were affected. It would be helpful if you provided some supporting evidence, since those of us who are regular Delta fliers might want to know more about this.
Dave,
It would be very helpful if someone with the knowledge and expertise of such things could compose a letter for those of us less literate that we could sign and sent to our legislators.
I got a letter from AA as did the rest of my family about this. However, at least in Texas and perhaps nationally, companies that have been compromised are required to provide free credit monitoring for a year after notification. Where is that???????? Why is AA exempt from this????
Weird. I didn’t get anything from American, Delta or Alaska. My biggest concern is my TSA precheck number. All of the rest of my information is very general. 🙁