Air Canada Mobile App Data Breach: Passport Details Affected

A serious data breach affecting Air Canada has been announced. The company’s mobile app has been affected, and as a result, its 1.7 million users are now forced to change their passwords. Despite this precaution, the number of affected customers is 20,000, as it appears that these accounts were accessed by hackers.

We detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data, the company wrote in a statement.

It hasn’t been specified how the breach took place. It may be that the attackers used previously compromised login credentials sold on the Dark Web, or that the breach was preceded by a hack of Air Canada’s systems. The good news is that’s accounts are not linked to the mobile app accounts, so they don’t need to be changed. Affected mobile app accounts’ passwords were invalidated, and emails were sent out to potentially affected customers.

Type of Information Compromised in the Breach

What’s in an Air Canada mobile app account? User’s name, email address, telephone number, and payment card number. However, some users may have chosen to add further details to their accounts, such as Aeroplan number, passport number, passport, expiration date, passport country of issuance, country of residence, NEXUS number, Known Traveler Number, gender, birthdate, and nationality. In other words, some accounts may have contained plenty of personal details.

According to the company, payment card numbers are intact as they are encrypted and stored in compliance with PCI standards. These numbers are safe, Air Canada reassures. However, all the other personal details the user may have chosen (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: