Hackers love credit card numbers, sure, but frequent flier miles? US Airways (LCC) is notifying some members of its Dividend Miles loyalty program that miles have been stolen from some 7,700 compromised accounts. The breach was discovered on July 12, the airline said in a regulatory filing mandated under a North Carolina identity-protection law. US Airways’s largest hub is in Charlotte.
But when it comes to miles theft—a crime that has historically been committed by airline employees or travel agents—making a clean getaway with the loot is exceedingly difficult. Award tickets and upgrades must have a passenger’s name, and merchandise bought with the stolen miles must be delivered somewhere. “Every way I sort of turn in thinking about this, it just ends up being kind of a bad way to go from the standpoint of the thief,” says Tim Winship, editor of FrequentFlier.com. “I’m kind of at a loss here as to kind of what a viable way of using the miles would be.”
One option would be to sell the award tickets and put them in the names of people who believe their US Airways flight is legitimately purchased, although Winship points out that the method would still leave the possibility of tracing the transaction back to the thief. “There’s also the pressure of time,” he adds, “because you probably realize at some point that this is going to be discovered pretty quick.”
There’s no indication that the theft involved credit card data beyond the airline miles, although US Airways is offering those whose accounts were compromised a free year of credit monitoring, according to spokesman Bill McGlashen. He declines to reveal how many miles were swiped and says the missing miles balances would be restored. In its 2012 annual report, US Airways listed its liability as $177 million for outstanding award travel to its 30 million members .
Randy Peterson, editor of Inside Flyer magazine and a mileage junkie for more than 30 years, says mileage-theft schemes are nearly always foiled due to the inevitable paper trail. Thieves typically target dormant accounts as a way to siphon off miles while avoiding detection for as long as possible, he said, but all the major airline programs have devised methods of monitoring account balances closely for suspicious activity. “They’ll track this down,” Peterson says. “It’s not a bunch of 16-year-olds doing this.”