Air Canada notified customers of a data breach involving the airline’s mobile application and potentially impacting thousands of user profiles.
Approximately 20,000 mobile application user profiles were accessed by attackers or 1% out of a total of approximately 1.7 million Air Canada mobile app user profiles.
Air Canada posted a notice online on Tuesday:
“We detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.”
Impacted profile data stored in a user’s Air Canada mobile App account includes your name, email address and telephone number.
Optional information that could have been added to your profile includes: Aeroplan number, Passport number, NEXUS number, Known Traveler Number, gender, birthdate, nationality, passport expiration date, passport country of issuance and country of residence.
The company said payment card data was not affected as that data was “encrypted and stored in compliance with security standards.”
Air Canada is taking extra precaution to reset user passwords using “improved password guidelines to further enhance security measures” and further adding an “extra layer of protection.”