Air Canada Alerts Customers of Mobile App Breach, 20,000 Users Affected
The State of Security
Air Canada announced on Wednesday that approximately 20,000 customers may have had their personal information compromised after a data breach in its mobile app. As a result, the airline says it locked down all 1.7 million accounts until users update their passwords.
In a notice to customers on its website, Air Canada says it first detected unusual login activity between August 22 and August 24, 2018:
“We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.”
The Montreal-based company – which is Canada’s largest domestic and international airline – estimates one percent of app users may have been affected, or roughly 20,000 people.
The potentially compromised data includes basic profile information, such as name, email address and telephone number. However, more sensitive information may have been impacted if a user stored it on the mobile app, including Aeroplan number, Passport number, birthdate, nationality, passport expiration date, passport country of issuance and country of residence.