Air Canada confirmed on Wednesday, August 29, that its mobile app suffered a breach resulting in around 20,000 customers. It has 1.7 million mobile app users across the work using its mobile app.
The company stated that the breach was detected as a result of unusual login behaviour on its mobile app from August 22 to August 24. During this period there is a possibility that personal information of some of its customers may have been improperly accessed.
Reports suggest the data compromised contains basic information such as customers’ names, email addresses, phone numbers, and other information added by the customers on their profiles.
Cause of Concern As Passport Numbers Exposed in Air Canada Data Breach
It seems the hackers have also been able to access additional information which includes customers passport data, which includes passport number, passport expiry date, country issuing the passport and country of residence, aeroplane number, traveller number, NEXUS number, gender, date of birth and nationality. This information may vary from person to person depending on what details they have mentioned in their profile saved the Air Canada mobile app.
The customers have been assured by the airline that their credit card information is safe as it was encrypted and stored in compliance with security standards set by the payment card industry or PCI standards.
Though as a preventive measure customers have been advised to monitor their credit card transactions and contact their financial services provider immediately in case of any unusual or unauthorized activity.
The data breach has affected nearly 1% of its 1.7 million customers who use the mobile app ie nearly 20000 users were affected as a result of the security breach.
The airline is not sure how the data breach has occured, it seems to be a direct breach of Air Canada’s systems, or perhaps due to the reuse of passwords from other sites. The airlines follows a good password policy and recommends password to be 10 character long and have at least one special character in it.
To avoid any further incident the airlines has shut down all 1.7 million accounts till all users (affect as well as those not affected) reset their old passwords, as a precautionary measure.
Air Canada has personally contacted the potentially affected users via email from August 29, informing them about the potential danger of their accounts being hacked.