New year, more security: You’ve been hacked, airline miles targeted

I was welcomed to the New Year with the realization that I’d been hacked.

In retrospect, it probably should’ve happen years ago because if you name a big security breach, I was part of it: Target, Yahoo, Premera and due to this recent hack, I discovered I was also lucky enough to be part of the Equifax breach.

It feels like there’s been a cyber target sign on me for years.

It’s a weird feeling of violation when someone accesses an account you have password protected… as well as infuriating and frustrating.

For the past couple of years – after being part of other security breaches – I had updated numerous passwords, but forgot one account it seems…. because who would target an airline mileage account, right? Apparently it’s not a new thing.

On New Year’s Day I was in my mileage account and discovered a new traveler had been added to my account, someone with a foreign name had entered all their information, including travel documentation numbers. This was odd since we know no one in China.

As I tried to delete that person and change passwords, my account froze and I was locked out. I was told my account was flagged two days earlier, but was never notified by the airline. I just happened to stumble upon it as I was doing some travel planning.

Two days later – and after taking multiple steps to prove to the airline I was who I said I was – I regained access, but I would no longer easily be able to book travel through my online account. In fact, for the unforeseeable future, a phone call and a pin will be required before I am allowed to book tickets using the miles I have earned.

The scam? It turns out thieves use stolen credit card numbers to buy airline miles, transfer them to a hacked account, purchase expensive airline tickets with those miles and them sell those tickets online. By the time the purchaser travels, the fraud has been discovered and the tickets are no good. Who knew?

Welcome to the world of “You’ve been Hacked.”

The hack had me paranoid so I decided to run our credit reports a few days later. I’d seen a free credit report link on our bank’s website and started there.

I started with Equifax – mainly because they’re the ones with well-publicized security issues. I completed the online process, answered some very detailed questions to prove our identity and clicked ‘view my report.’

It took a couple of minutes of going through the listed credit accounts when I yelled to my husband, “Did you ever open a Dress Barn, Target or Kohl’s account?”

Panic began to set in. I checked the last four digits of the social security number. They were correct. Then I looked at the name attached to the social security number to discover it was not my husband, but a female resident of Texas.

Crap.

I began calling Equifax. They were not helpful. I was staring at a credit report that was not my husband’s and was told I could not begin a dispute claim until they mailed me a paper copy of the credit report, which would take 7-10 days.

I politely as possible told the customer service agent, “You are not being helpful at all,” while I imagined our credit being ruined every minute of those 10 days.

I called our insurance agent to see if we had identity theft insurance. I thought we did. I was wrong. It has now been added.

I took a deep breath and returned to the free credit report link to run more reports on Experian and TransUnion. The first came up fine – right name attached to the right social security number. The credit score came up the as it had been months earlier when we navigated a refinance.

I then paid $30 to run credit reports/scores for all three reporting agencies. They all came up normal… even the Equifax report. Nowhere in any of them did they bring up a woman in Texas.

I began to relax a little. My best guess is that Equifax’s system had a glitch and it erronously showed me the credit report of a Texas woman who has the same last four social security numbers as my husband. When I tried to go back to the page with that wrong information, it wouldn’t let me access it again. [I plan to let the company know they may have another security flaw in their website.]

This experience has opened my eyes. I am a cyber target. We all are. Have you checked Equifax to see if your information was stolen? You can HERE.

145 million people had their sensitive  information stolen from Equifax, which included one of our six family members. If you’re impacted, you can sign up for credit monitoring free of charge.

It was recommended by an airline cyber fraud expert – as much of a pain as it is – to have different passwords for each financial institution account… even if your password is really strong.

I have been searching the depths of my memory for any website where I may have used the same password that got hacked last week. And yes, panic set in when I remembered using TurboTax a decade ago, but all seems fine.

I still feel violated by the attempted airline miles theft. My private account has information about my children. That’s hitting below the belt cyber criminals.

It could’ve been so much worse. I get that. So this new year, I plan to be more vigilant about online security. I thought I was, but it wasn’t good enough.

Next step? Reaching out to all credit reporting agencies to remove the fraud alert I attached to the account. This should be fun.

 

.

 

Comments are closed.

Comments

  • Dana, so sorry that happened to you! Thanks to your article I have signed up with Exquifax to monitor me!

  • Living Snoqualmie