Air Canada’s mobile app victim of latest data breach

Air Canada, using some vague language, says personal information tied to “about” 20,000 customers “may potentially have been improperly accessed” after its mobile app was exploited last week. In response, Air Canada locked down all 1.7 million accounts and implored customers to change their passwords.

In an email sent to its users, Air Canada disclosed that it had “recently detected unusual log-in behaviour with Air Canada’s mobile App between August. 22-24, 2018,” according to CBC. Air Canada estimates less than 1% of its users were impacted.

“Any credit card information on file would have been encrypted and as such protected” said the company.

Other highly sensitive information required by international travel, however, could have been accessed by cyberthieves. This means that a customer’s “Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiry date, passport country of issuance and country of residence” were all made vulnerable through the breach if users had those details saved on their app.

In terms of identity theft, the government says there is a low risk of someone “filing for and receiving a new passport in their names” provided users still have a valid passport and other forms of ID.

Air Canada says the app is being monitored now and will be locked until users change their passwords. The company has not detected any malicious activity since the breach. Air Canada is in the process of contacting the 20,000 people affected directly.

Recent corporate hacking events include January’s Bell Canada data breach and April’s HBC – Saks Fifth Avenue hack.