United said it has not been breached, but the airline is notifying MileagePlus members that an unauthorized party attempted to access their accounts beginning in early December 2014 using usernames and passwords obtained from a third-party source.
A United spokesperson told SCMagazine.com on Thursday that the unauthorized party was able to make mileage transactions on fewer than three dozen of United’s 95 million MileagePlus accounts, and that affected accounts are being temporarily suspended.
According to a notification letter, the unauthorized party was able to obtain MileagePlus numbers, account balances and Premier statuses. While there is no indication that other data was accessed, information such as mailing addresses and the last four digits of credit card numbers could have been viewed.
Using the same credentials for multiple accounts enabled the incident, the spokesperson said, adding United is not the only company where attempts to access accounts were made.
[An earlier version of this story did not include the time period when attempted access to accounts began].