It has been a rough week for frequent flyers and most of them were on the ground. Compromised data at American, United, and Delta Air Lines leaves flyers wondering what’s next?
Data Breaches Everywhere
Frequent flyer customers of just about every airline had a rough week. Atlanta-based SITA passenger service system compromised the data of frequent flyer members in most major US carriers and several abroad. Oneworld members Malaysia Airlines, Finnair, Japan Airlines join American Airlines in the breach that affected the global airline industry including passenger travel planning and booking.
Star Alliance sent messages out with its own message to frequent flyers as many member airlines were affected. In fact, 90% of the industry was part of the database. A spokesman for the company and SITA’s Geneva-based parent company advised that flight cabin and cockpit operations were available in the breach however account passwords were not thought to be compromised.
The company handles itinerary, airport operations and security, baggage, aircraft connectivity, and booking airport operations.
It’s an interesting coincidence that February 1st is National Change Your Password Day. In this instance, it wouldn’t have saved any of us because the breach happened before then, but it’s another great reminder that your password is probably out-of-date and you should change it.
If you haven’t changed your passwords in a while, it’s probably time to do so and treat this like a mandate instead of an idea.
What Should You Do?
When it comes to compromised data, airlines are at the mercy of their contractors. And so are we all, though far more unwittingly. Passengers don’t really know what companies do with their data and that can and should stop. In the same breath that we hold companies accountable for their other behaviors, we need more than a shrug of the shoulders.
When you give your personal information to Delta there’s a reasonable expectation that it’s Delta that will hold on to it, manage it and use it. Sure, maybe they will sell your email to 1-800-FLOWERS or partner with a wine club but most don’t have an impression that Delta is sharing their information with a bunch of companies that you’ve never heard of.
Companies with data breaches have a standard protocol at this point: make a statement, offer identity protection, tell customers how the data breach didn’t affect their extremely sensitive data, wait for a lawsuit, settle out of court whereby affected parties receive next to nothing for their trouble and risk.
How is it that one company controls 90% of the market anyway? Where’s the competition and where are the European market overlords to break up the monopoly?
Maybe we all need to make it clearer that this is unacceptable. We’ve seen the strength of banding together for change recently and this might be an area where we write our congresspeople to get a law that makes it clear where our data goes and holds parties responsible when it’s mismanaged.
I, like many of our readership no doubt, am tired of an apology email to state that yet again my personal information has been mismanaged by a company I trusted, who gave my information to a company I implicitly did not. I’m also annoyed by the personal risk and hassle incumbent on me, the customer, for a company’s mistake.
If you’re reading this blog, there’s an extremely high likelihood some element of your personal data and frequent flyer information (including frequent flyer name and membership number) is being sold around the world at the moment. Change your password, write your congressman, and let travel providers know this is entirely unacceptable.
What do you think? Were you affected by the breach? How many times? What do you intend to do about it?