Asia Miles to introduce new passwords following cybertheft
Company says reimbursed accounts are 'special cases' not sign of liability
Members of the Asia Miles airline loyalty programme will be asked to set tougher passwords after the company reimbursed passengers who fell victim to cybertheft.
Members of the scheme will be asked to set passwords involving both letters and numbers, instead of the present six-to-eight digit numeric passwords.
The move follows the arrests of four Hong Kong residents in January in connection with the theft of 4.7 million miles and gifts worth HK$100,000 from 121 Asia Miles accounts. No further arrests have been made since, police said yesterday.
In a written reply to the last night, the company said the alphanumeric password format would be introduced in the second quarter of this year, as part of tighter security measures in view of "the suspected fraudulent transaction cases".
A source in Asia Miles told the an internal investigation would focus on at least two areas, including an internal data breach and members being duped using digital methods.
One unhappy member, Sam Hon, lost 110,000 miles in two separate hacks - with 80,000 miles used to redeem a return ticket to Milan on January 28, followed by 30,000 miles transferred out of his account on February 11.
"In both cases, the miles were transferred to people whose names follow the [Putonghua] spelling," Hon said. "Over the past week or so, [Asia Miles] have refused to reimburse me the miles, saying the company has no such policy."
Yesterday, the company performed a U-turn and told Hon he would be reimbursed. But Hon was upset that the company had neither apologised nor admitted negligence.
According to the email he showed the , it said: "If police investigations prove that you are accountable for the transactions concerned … Asia Miles reserves the right to debit 110,000 miles from your account."
He urged Asia Miles to make immediate improvements as his Asia Miles account contains sensitive personal information, including his passport number and home address.
Set up by Cathay Pacific in 1999, Asia Miles boasts more than seven million members and 25 airline partners, including Cathay and Dragonair.
Asia Miles said it was cooperating with police and that it would not comment on the suspected theft as investigations were ongoing. But the company stressed that the reimbursement was an exception.
"Since a small number of such members have special needs and situations, we have already temporarily recredited the suspected stolen miles in relevant accounts," it said.
"This is a very special handling of Asia Miles in reacting to members' concern, and not by any means an admittance of liability by Asia Miles for any unusual transactions that have taken place within these particular members' accounts."
