The data breach of the day is the one suffered by Air Canada that may have affected 20,000 customers (1%) of its 1.7 million mobile app users.
The news was confirmed by Air Canada that revealed to have detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018, it added that financial data was protected but invited to remain vigilant for fraudulent credit card transactions.
“We detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.” reads the data breach notification.
“Your credit card information is protected. Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards. As a best practice, customers should always monitor their transactions and credit rating carefully and contact their financial services provider immediately if they become aware of any unusual or unauthorized activities.”
The company has asked Mobile+ app users to reset their accounts as a security precaution. Air Canada contacted potentially affected customers by email to notify the data breach.
Air Canada immediately took action to lock out unauthorized attempts and implemented additional security measures to protect its mobile users.
The most disconcerting aspect of the Air Canada data breach is that attackers may gave accessed additional data including customer’s passport number, passport expiration date, passport country of issuance and country of residence, Aeroplan number, known traveler number, NEXUS number, gender, date of birth, and nationality.
At the time it is still unclear the root cause of the Air Canada data breach, the company urges users to reset their passwords.
All 1.7 million accounts have been temporarily locked until the customers change their passwords.