After targeting various companies belonging to the telecom, financial, educational, and medical industries, hackers have now turned their attention to an airline to satiate their craving for data. According to the reports, some unknown attackers accessed the database of Air Canada. Supposedly, the Air Canada data breach affected around 20,000 customers using their mobile app.
Air Canada Data Breach Exposed Personal Details Of Customers
On August 28, 2018, Air Canada uploaded a notice on their website about a security breach incident. Reportedly, the airline noticed an unauthorized access to its mobile app. As a result, this Air Canada data breach exposed personal details of around 1% of the airline’s customers. As claimed by the airline, they have around 1.7 million mobile app users, which hint up to 20,000 customers affected in the incident.
According to their notice, Air Canada noticed “unusual login behavior” on their mobile app between August 22 and 24, 2018. They suspect that this unauthorized access may have inadvertently exposed customer details to the attackers. This may include personal details that the users enter on the app, such as names, contact numbers, email addresses, genders, dates of birth, residence, nationality, passport numbers, country of issuance of passports and their expiration dates, NEXUS numbers, Aeroplan number, Known Traveler Number, and credit card details.
However, the company states that the credit card numbers remained unaffected in the breach.
“Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards.”
Whereas, regarding the Aeroplan numbers, the app does not store this data. However, the airline still advises the customers to keep a check on all transactions.
Customers Locked Out Of Apps As Precaution
After noticing the unusual activity, Air Canada officials quickly blocked the unauthorized accesses. However, they also had to lock out customers from the app as a precaution.
“As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.”
Therefore, all 1.7 million customers of Air Canada have to sign in again to the apps. Air Canada has begun sending emails to the customers with instructions to reset logins. They are also sending emails to the customers affected by the breach.
While Air Canada adequately disclosed the breach in their notice, the source behind the attack still needs to be identified. It is not yet known whether the attackers directly targeted the airline’s systems, or if Air Canada has become another victim of third-party data breach.
Let us know your thoughts in the comments section.