The compromised accounts were deactivated, and U.S. law enforcement officials are investigating, the Tempe, Arizona-based airline said today in an e-mailed statement. A filing with North Carolina state officials gave the number of affected accounts and said the breach was discovered July 12.
US Airways’ frequent-flier awards can be redeemed for travel as well as for newspaper and magazine subscriptions, according to the airline’s website. The Dividend Miles program had 30 million members as of February, the fourth-most in the U.S., according to industry website FrequentFlyerServices.com.
“There’s definitely a financial gain element to it,” said Barmak Meftah, chief executive officer of computer-security company AlienVault Inc. in San Mateo, California. “There’s also an element of disrupting or creating a bad brand for the airline.”
Hackers also gained access to the last four digits of some customers’ credit cards, Fernand Fernandez, US Airways’ managing director for marketing and customer loyalty, said in a letter to Dividend Miles customers. Fernandez said US Airways has no reason to believe that customers’ full credit card information was accessed.
US Airways said it notified credit bureaus, federal and state agencies, and is working with customers to protect their accounts. Dividend Miles accounts don’t contain Social Security numbers, the carrier said. Customers who notice unauthorized changes on their accounts should contact the Dividend Miles service center, the airline said.
The affected customers received a free one-year membership to LifeLock, a credit monitoring program, to help detect misuse of their personal information, Fernandez wrote.
US Airways, the fifth-largest U.S. carrier, is poised to merge with bankrupt AMR Corp.’s American Airlines, putting the combined company atop the global industry by traffic. AMR’s reorganization plan is due to go to U.S. Bankruptcy Court on Aug. 15, and U.S. antitrust regulators are studying the tie-up.