US Airways recently began notifying some members of its Dividend Miles frequent flyer program that a “small number” of Dividend Miles accounts were accessed by unauthorized users, who had obtained the accounts’ user names and passwords through “means as yet unknown to us.”
According to the notification letter [PDF], the information potentially accessed includes users’ names, addresses, e-mail addresses, answers to security questions, and in some cases, birthdates, Known Traveler numbers, and the last four digits of credit card numbers.
In a few cases, mileage was taken from victims’ accounts — the company is working with those customers to restore stolen Dividend Miles.
The notification letter provides each recipient with a new temporary password for their account, along with the advice to “use a strong password (e.g., containing 8 characters or more with at least one number, symbol, and/or one capital letter), and we recommend that you not select a password that you use elsewhere on the Internet.”
All those affected are being offered a free one-year membership in LifeLock‘s credit monitoring program.