Air Canada has confirmed a data breach on its mobile app and it has affected 20,000 users.
Currently 1.7 million users are connected to Air Canada app and it affected 1 percent or 20,000 profiles may potentially have been accessed.
According to an email sent to customers,
Attackers might have accessed customers data including names, e-mail address, profile and phone numbers, but the most important Passport data with its expiry date, country of issuance, Nationality, Country of residence, Address.
Air Canada is contacting affected customers directly. If your account is on aircanada.com then you are not affected because its website is not linked to Air Canada mobile app account.
Air Canada have locked all its mobile App user accounts for a security purpose.
According to AirCanada,
We detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.
To reactivate your Air Canada mobile App account, please see the instructions emailed to you or follow the prompts the next time you log into your Air Canada mobile App.
Your credit card information is protected. As a continued best practice, we recommend you should always monitor your credit card transactions and contact your financial services provider immediately if you become aware of any unusual or unauthorized activities.
Your Aeroplan password is not stored on Air Canada’s mobile App. As a best practice, we recommend you monitor your Aeroplan transactions and contact Aeroplan immediately if you become aware of any unusual or unauthorized Aeroplan transactions.
Some FAQ’s are as follow-
Is Credit Card information safe?
Air Canada confirms that a user’s credit card information is safe. Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards. As a best practice, customers should always monitor their transactions and credit rating carefully and contact their financial services provider immediately if they become aware of any unusual or unauthorized activities.
What should I do to secure my information?
We’ve taken steps to lock down your account, and you can unlock it by following the password reset instructions in the email sent to you, or via the instructions the next time you log into your Air Canada mobile App. It is important to select a robust password as per our instructions when you reset your account.
We recommend customers regularly review their financial transactions, be aware of any changes in their credit rating, and contact their financial services provider immediately if they become aware of any unusual or unauthorized transactions.
Customers should also review Aeroplan transactions and contact Aeroplan immediately if they become aware of any unusual or unauthorized activities.