Breach, Data Security

United notifies members of access gained to MileagePlus accounts

United said it has not been breached, but the airline is notifying MileagePlus members that an unauthorized party attempted to access their accounts beginning in early December 2014 using usernames and passwords obtained from a third-party source.

A United spokesperson told on Thursday that the unauthorized party was able to make mileage transactions on fewer than three dozen of United's 95 million MileagePlus accounts, and that affected accounts are being temporarily suspended.

According to a notification letter, the unauthorized party was able to obtain MileagePlus numbers, account balances and Premier statuses. While there is no indication that other data was accessed, information such as mailing addresses and the last four digits of credit card numbers could have been viewed.

Using the same credentials for multiple accounts enabled the incident, the spokesperson said, adding United is not the only company where attempts to access accounts were made.

[An earlier version of this story did not include the time period when attempted access to accounts began].

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.