Air Canada Mobile App Breached

1 Comment

Air Canada has today disabled access to its mobile app from all 1.7 million users and requires everyone to change their password.

Air Canada

The airline estimates that more than 20,000 app users could have had their personal information such as date of birth, gender, nationality, passport number and country of residency accessed.

You can access Air Canada’s web page for breach information here.

Here’s information that the airline has released so far:

We detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.

To reactivate your Air Canada mobile App account, please see the instructions emailed to you or follow the prompts the next time you log into your Air Canada mobile App.

Your credit card information is protected. As a continued best practice, we recommend you should always monitor your credit card transactions and contact your financial services provider immediately if you become aware of any unusual or unauthorized activities.

Your Aeroplan password is not stored on Air Canada’s mobile App. As a best practice, we recommend you monitor your Aeroplan transactions and contact Aeroplan immediately if you become aware of any unusual or unauthorized Aeroplan transactions.

If you stored your passport information on your profile, the Government of Canada’s passport website at https://www.canada.ca/en/immigration-refugees-citizenship/services/canadian-passports/security/protect-fraud.htmlExternal site which may not meet accessibility guidelines.  advises that the risk of a third party obtaining a passport in your name is low if you still have your passport, proof of citizenship and supporting identity documents.  Also, according to the website, the Government of Canada cannot issue a new passport to anyone based on only the information found in a passport.

Your privacy and the protection of your data are extremely important to Air Canada.  Our security is multi-layered, and we work with leading industry experts to continuously improve our practices as technology and security procedures evolve.

You can continue to use Air Canada’s mobile App and mobile products with confidence.

Some questions you may have are here with our answers:

What happened?

We recently detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to block further repeated unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.

How many customer user profiles are affected?

There are approximately 1.7 million Air Canada mobile App user profiles, and our investigation has determined that approximately one per cent or 20,000 profiles may potentially have been improperly accessed.  We are contacting potentially affected customers directly.

What steps have you taken?

In addition to taking immediate action to block these attempts to gain unauthorized access, we have locked all Air Canada mobile App user accounts as a precaution.

We contacted potentially affected customers directly by email starting Aug. 29 to tell them if we determined their account may potentially have been accessed improperly.

We are also requiring all Air Canada mobile App users to re-set their passwords using improved password guidelines to further enhance security measures. A more robust password provides an extra layer of protection.

How do I know if my account has been improperly accessed?

Starting Aug. 29, 2018, we have sent emails to customers whose accounts may have been improperly accessed.

If you did not receive an email from Air Canada specifically advising you that your Air Canada mobile App account may have been improperly accessed, we are confident your account was unaffected during this period.  As an additional precaution however, we are contacting all Air Canada mobile App users requiring all users to re-set their passwords.

What type of user information is on the Air Canada mobile App?

Basic profile data stored on the Air Canada mobile App account includes your name, email address, and telephone number.

Information that you may add to your profile includes: Aeroplan number, Passport number, NEXUS number, Known Traveler Number, gender, birthdate, nationality, passport expiration date, passport country of issuance and country of residence.

Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards.

Is my credit card information protected?

Your credit card information is protected. Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards.  As a best practice, customers should always monitor their transactions and credit rating carefully and contact their financial services provider immediately if they become aware of any unusual or unauthorized activities.

Is my Aeroplan information safe?

Your Aeroplan password is not stored in the Air Canada mobile App.  As a precaution and as a best practice, we recommend customers always review all transactions regularly, and immediately report any irregular or unfamiliar transactions to Aeroplan immediately.

Is my passport information safe?

According to the Government of Canada’s passport website, the risk of a third party getting a passport in your name is low if you still have your passport, proof of citizenship, and supporting identity documents. Also according to the website, the Government of Canada cannot issue a new passport to anyone based on only the information found in a passport.

https://www.canada.ca/en/immigration-refugees-citizenship/services/canadian-passports/security/protect-fraud.htmlExternal site which may not meet accessibility guidelines.

What should I do to secure my information?

We’ve taken steps to lock down your account, and you can unlock it by following the password reset instructions in the email sent to you, or via the instructions the next time you log into your Air Canada mobile App. It is important to select a robust password as per our instructions when you reset your account.

We recommend customers regularly review their financial transactions, be aware of any changes in their credit rating, and contact their financial services provider immediately if they become aware of any unusual or unauthorized transactions.

Customers should also review Aeroplan transactions and contact Aeroplan immediately if they become aware of any unusual or unauthorized activities.

Can I trust Air Canada’s mobile App and its other systems?

The security of Air Canada’s systems is of paramount importance, and Air Canada takes security of its customers’ privacy and data very seriously. Air Canada approaches security in a multi-layered manner, and we also work with leading cyber security and industry experts to detect irregularities and take action quickly. We continuously improve our practices as technology and security practices evolve. Customers can continue to use Air Canada’s mobile App and mobile products with confidence.

I have an account on aircanada.com.  Is that account affected?

No, your aircanada.com account is not linked to your Air Canada mobile App account.

Conclusion

Seems that hackers are getting more advanced and are now trying to breach apps instead of websites, although not sure what kind of data interface this app might have been using.

Air Canada states that credit card information was not stored in this system and thus it was not hacked.

If you enjoyed this article, get our blog updates for free!

Previous articleHow To Contact Marriott Rewards & SPG During These Difficult Times (Without Being On Hold For Hours)?
Next articleLe Club AccorHotels Cathay Pacific Triple Asia Miles August 21 – November 30, 2018

YOU MIGHT ALSO LIKE