Air Canada issued a security notice for Air Canada Mobile App users as they detected unauthorized access to the mobile App between Aug. 22-24, 2018. It appears more than 20,000 user accounts have been accessed without proper authorization.
This could get interesting… was there an #infosec #breach at @AirCanada ? Just received the attached notice… How quickly does this grow from not affected to something bigger? System also seems to be throwing errors when trying to reset password.
— Josh Diakun (@iam_joshd) August 29, 2018
The attacker can extract the data stored in the Air Canada mobile App that includes name, email address, and telephone number. Also, the additional data such as Aeroplan number, Passport number, NEXUS number, Known Traveler Number, gender, birthdate, nationality, passport expiration date, passport country of issuance and country of residence.
Air Canada confirm that the payment card details are encrypted and stored as per the security standards set by the payment card industry or PCI standards.
We’re confirming Air Canada App users need to reset their passwords. Due to high volumes some customers may be experiencing delays in doing this. Customer information is protected. Thank you for your patience. More information for AC App users is here: https://t.co/rLODRWM77B
— Air Canada (@AirCanada) August 29, 2018
If your account is affected then you will be receiving an email from Air Canada with instructions required to reactivate your Air Canada mobile App account, as a precautionary measure they have blocked all Air Canada mobile App user accounts and asked user’s to reset their accounts as a security precaution.
Air Canada confirm’s that the Aeroplan information was not stored in the app, so they are safe and they recommended user’s to you “monitor your Aeroplan transactions and contact Aeroplan immediately if you become aware of any unusual or unauthorized Aeroplan transactions.”
If your Air Canada account not linked with Air Canada mobile App account, then your account is not affected with the data leak.
Air Canada recommend’s customers to regularly review their financial transactions, be aware of any changes in their credit rating, and contact their financial services provider immediately if they become aware of any unusual or unauthorized transactions.