Air Canada announced on Wednesday that approximately 20,000 customers may have had their personal information compromised after a data breach in its mobile app. As a result, the airline says it locked down all 1.7 million accounts until users update their passwords.

In a notice to customers on its website, Air Canada says it first detected unusual login activity between August 22 and August 24, 2018:

“We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.”

The Montreal-based company – which is Canada’s largest domestic and international airline – estimates one percent of app users may have been affected, or roughly 20,000 people.

The potentially compromised data includes basic profile information, such as name, email address and telephone number. However, more sensitive information may have been impacted if a user stored it on the mobile app, including Aeroplan number, Passport number, birthdate, nationality, passport expiration date, passport country of issuance and country of residence.

The company noted credit card information was encrypted and protected from the breach. Additionally, aircanada.com accounts were not affected.

Air Canada says it has notified impacted customers directly via email.

Meanwhile, all other Air Canada mobile app users are urged to reset their passwords. The company says it has added improved password guidelines to further enhance security measures.

Air Canada joins several other major airlines that have fallen victims to data breaches recently. Earlier this year, Delta reported customer data was compromised after a cyber incident involving a third-party customer support vendor. In March 2017, Virgin America notified customers and employees of unauthorized access to their personal information.