Friday, February 14, 2025
HomeData Breach20,000 Users Affected With Air Canada Mobile App Data Breach

20,000 Users Affected With Air Canada Mobile App Data Breach

Published on

SIEM as a Service

Follow Us on Google News

Air Canada issued a security notice for Air Canada Mobile App users as they detected unauthorized access to the mobile App between Aug. 22-24, 2018. It appears more than 20,000 user accounts have been accessed without proper authorization.

The attacker can extract the data stored in the Air Canada mobile App that includes name, email address, and telephone number. Also, the additional data such as Aeroplan number, Passport number, NEXUS number, Known Traveler Number, gender, birthdate, nationality, passport expiration date, passport country of issuance and country of residence.

Air Canada confirm that the payment card details are encrypted and stored as per the security standards set by the payment card industry or PCI standards.

If your account is affected then you will be receiving an email from Air Canada with instructions required to reactivate your Air Canada mobile App account, as a precautionary measure they have blocked all Air Canada mobile App user accounts and asked user’s to reset their accounts as a security precaution.

Air Canada confirm’s that the Aeroplan information was not stored in the app, so they are safe and they recommended user’s to you “monitor your Aeroplan transactions and contact Aeroplan immediately if you become aware of any unusual or unauthorized Aeroplan transactions.”

If your Air Canada account not linked with Air Canada mobile App account, then your account is not affected with the data leak.

Air Canada recommend’s customers to regularly review their financial transactions, be aware of any changes in their credit rating, and contact their financial services provider immediately if they become aware of any unusual or unauthorized transactions.

Also Read

Hackers Selling Airport Security System Credentials on Dark Web for $10

Australian Airport Hacked: Significant Amount of Security Data Stolen by Vietnamese Hacker

Boeing 757 Airplanes are Vulnerable to Remote Hacking

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild

A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly...

Burp Suite Professional / Community 2025.2 Released With New Built-in AI Integration

PortSwigger has announced the release of Burp Suite Professional and Community Edition 2025.2, introducing...

Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website

A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm,...

BadPilot Attacking Network Devices to Expand Russian Seashell Blizzard’s Attacks

A newly uncovered cyber campaign, dubbed "BadPilot," has been linked to a subgroup of...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Global IoT Data Leak Exposes 2.7 Billion Records and Wi-Fi Passwords Worldwide

A massive security lapse has exposed over 2.7 billion records, including sensitive Wi-Fi credentials,...

OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale

Threat actors from dark web forums claim to have stolen and leaked 20 million...

Globe Life Ransomware Attack Exposes Personal and Health Data of 850,000+ Users

Globe Life Inc., a prominent insurance provider, has confirmed a major data breach that...