If you are an Air Canada flyer and have tried to access their mobile app, you may have found that you are unable to access it over the past week and are being forced to change your password. That is because Air Canada has identified that there has been a security breach between August 22 and 24, and some of the personal information of app users ‘may have been compromised.’
To be on the safe side, Air Canada is forcing all 1.7 million app users to change their password, to ensure their accounts will be safe in the future.
Air Canada says that only around 1% (so ~20,000) of users have been affected.
They have not disclosed exactly what personal information may have been compromised, however it may include users’ names, email addresses and telephone numbers. If users chose to save the additional following information to their app profile, it may have been compromised:
- Aeroplan membership number
- Known Traveller Number
- Passport number (and country of issue and expiry date)
- Nexus number (Canadian-USA Trusted Traveller Number)
- Date of birth
- Country of residence
Any credit card information stored is encrpyted, and has not been improperly accessed.
Air Canada has released the following statement for app customers:
We detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.
To reactivate your Air Canada mobile App account, please see the instructions emailed to you or follow the prompts the next time you log into your Air Canada mobile App.
Your credit card information is protected. As a continued best practice, we recommend you should always monitor your credit card transactions and contact your financial services provider immediately if you become aware of any unusual or unauthorized activities.
Your Aeroplan password is not stored on Air Canada’s mobile App. As a best practice, we recommend you monitor your Aeroplan transactions and contact Aeroplan immediately if you become aware of any unusual or unauthorized Aeroplan transactions.
If you stored your passport information on your profile, the Government of Canada’s passport website at https://www.canada.ca/en/immigration-refugees-citizenship/services/canadian-passports/security/protect-fraud.htmlExternal site which may not meet accessibility guidelines. advises that the risk of a third party obtaining a passport in your name is low if you still have your passport, proof of citizenship and supporting identity documents. Also, according to the website, the Government of Canada cannot issue a new passport to anyone based on only the information found in a passport.
Your privacy and the protection of your data are extremely important to Air Canada. Our security is multi-layered, and we work with leading industry experts to continuously improve our practices as technology and security procedures evolve.
You can continue to use Air Canada’s mobile App and mobile products with confidence.
Air Canada says it is directly contacting the roughly 1% of customers who have had their information accessed by email, and has locked all accounts (forcing the password reset) as an additional security measure.
Existing passwords for desktop accounts are not stored on the app so have not been compromised.
They assure those members who do not receive an email that their account has not been improperly accessed.
Security breaches are becoming more and more common, and I guess it’s lucky that ‘only’ about one percent of members were affected, even though this was 20,000 members. I hate having to change my password for anything unnecessarily, as it is then different to my other passwords. I regularly have trouble remembering what it is, and end up having to continually change it.
But kudos to Air Canada for being so open, proactive and honest about the problem, and consequences, and what they are doing to manage it. This is awful publicity for them.
Have you been contacted by Air Canada about your mobile app account?
(Tip of the hat to LoyaltyLobby)