Air Canada Data Breach. Canadian Airline, Air Canada, has been forced to issue a password reset to all of its 1.7 million users of its mobile app after a huge number of accounts were compromised by hackers last week.
The company notified its customers of a data breach involving its iOS, Android and BlackBerry mobile application which may have led to the exposure of passport details belonging to around 20,000 customers, approximately 1% of its 1.7 million app users.
The airline released a statement on Wednesday (29 Aug 18) via its website informing the public of the data breach. The company said it detected “unusual login behavior” on the app between August 22 and 24. In a mail to the affected customers, Air Canada says all 1.7 million users will have to reset their account passwords.
“Due to the lаrgе volume, ѕоmе customers mау experience a dеlау іn the process tо сhаngе thеіr passwords. Wе ask customers tо bе patient аnd assure thеm their data іѕ protected аnd nоt accessible tо unauthorized uѕеrѕ.”
Yоur privacy аnd thе protection оf your data аrе extremely іmроrtаnt tо Air Canada,” the airline company said. “Our ѕесurіtу іѕ multilayered, аnd we work wіth leading іnduѕtrу experts tо continuously іmрrоvе our рrасtісеѕ аѕ technology аnd security рrосеdurеѕ evolve.
Resets will automatically happen when a user logs in to the mobile app. Password resets can also be initiated via the Air Canada portal.
Air Canada, apparently, has downplayed the effects of the incident stating that the risk of a third-party individual obtaining a passport in your name is minimal on the proviso that you still have your passport, your identity documents and proof of citizenship.
The Canadian Government cannot issue a new passport tо аnуоnе based only on the information found іn a passport
thе company added.
Despite the Canadian company taking “immediate action” so as to block the attempt to compromise its system, experts warned that users of the Air Canada mobile app who have had their passport details entered into the product may have had that data stolen.
Many experts believe that such information theft poses a serious ID fraud risk. For those 20,000 people believed to be directly affected by the attack, two types of personal information were put at risk:
- Basic Profile Data such as name, telephone numbers, email address and Air Canada Aeroplan account number.
- Sensitive Data users might have also added to their profiles, such as passport number and expiration date, passport country of issuance, NEXUS number (a system in some countries allowing rapid border crossing for trusted travelers), traveler number, date of birth, gender, nationality and country of residence.
However, the airline stated that credit card data were not compromised because they were encrypted. Passwords associated with the airline’s Aeroplan points program were also not at risk, but warns users to still monitor transactions on their accounts.
Air Canada joins the ranks of companies that have admitted data breaches in recent months. The airline emphasized that it is adopting improved password guidelines. It’s not yet known if the attack was a direct breach of Air Canada’s systems or the hackers reused users’ passwords from other sites on Air Canada’s mobile app.