Frequent flyers have been targeted in a new cyber attack as thieves stole passwords and tried to access the accounts of passengers with American and United airlines. According to the Associated Press, thieves attempted to steal miles to book free trips for themselves, or to obtain upgrades.
The airlines began notifying customers of the attack via email at the beginning of the week, in some cases issuing new AAdvantage frequent-flyer numbers. American Airlines has frozen some of the affected accounts and created new accounts, and United is pledging to restore the miles to those who had them stolen.
As many as 10,000 American Airlines accounts and up to 36 United Airlines accounts were targeted.
Although the airlines say they are unsure how hackers gained access to the usernames and passwords, they are adamant that no one hacked into their systems and that the stolen data was from “somewhere else”.
Does saying they weren’t hacked make this okay?
Securing your own systems is one thing, but if you share sensitive information with other companies then it is also your responsibility to make sure they take information security as seriously as you do.
Failing to ensure your partners keep your information secure is a big problem. American and United airlines have both suffered brand damage, face a lot of extra work creating new accounts and restoring miles, and in some cases have lost money because of a third party’s poor information security practices.
ISO 27001:2013, the international information security standard, provides a systematic approach to managing confidential or sensitive corporate information so that it remains secure. The Standard is increasingly being used by organizations throughout the US as a way of winning new business as well as proving to stakeholders that they take information security seriously. The number of certificates issued in 2013 increased 36% on the previous year.
A copy of the official standards can be purchased here.
For further information on ISO 27001 and for fixed-price ISO 27001 solutions, follow this link: www.itgovernanceusa.com/iso27001-solutions.aspx