Air Canada has confirmed that they have been affected by a data breach on their mobile app and it had affected around 20,000 people or at least 1 percent of their 1.7 million app users.
The company had observed unusual log-in behavior between August 22-24. They believe that the attackers may have compromised basic profile information which includes names, email addresses and phone numbers and also more sensitive data such as passport details, NEXUS numbers for trusted travelers, gender, dates of birth, nationality, country of residence etc which the users may have added to their profiles.
It is unknown whether there was a direct breach of Air Canada’s systems or if hackers attempted to reuse passwords from other sites that may have also been used on Air Canada’s mobile app.
The airlines however confirmed that the credit card data was not accessed as it was encrypted and stored in compliance with security standards. But still they recommend all the affected customers to monitor their credit card transactions and contact their financial services provider immediately if they found any unauthorized activity.
The airline encourages users to reset their passwords using strong ones which should be at least 10 characters long and contain one symbol.
As a precaution step the company has locked down all 1.7 million accounts until all of its customers—even those who were not affected—change their passwords.
Air Canada has contacted all the affected customers directly by email starting August 29 to tell them if their account has potentially been accessed by hackers improperly.