Air Canada said that over 20,000 profiles saved into their mobile app have been compromised and info such as customer’s Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed.
After discovering the breach Air Canada has shut down the app, and is forcing all 1.7 million app users to change their passwords immediately.
Chester Wisniewski, cyber security specialist, said in an interview with CBC:
“You never want someone to know your name, your birthday and your passport.
I suspect hackers stumbled across a bug in the API.
I don’t think they were targeting Air Canada or they were intent on stealing specific info, there’s a lot of hackers who are just scrolling the internet looking for doors that are ajar. If they find a door that’s open they start monkeying around.”
Some users complained not being able to login, but some others, like this Canadian satire site cracked jokes.
Air Canada says 20,000 mobile app users have been affected by a data breach. On the upside, the hackers might know where your lost luggage is.
— 22Minutes (@22_Minutes) August 29, 2018
Air Canada said that they have not detected improper use of stolen passwords. Yet.
Gabor Lukacs, Canadian air passenger rights advocate, mentioned that he would recommend people affected to complain to the Office of the Privacy Commissioner, Canada’s watchdog that provides advice and information for individuals about protecting personal information.
“When a corporation collects your data, they have a responsibility to keep it safe. When they fail, it is a matter for the Office of the Privacy Commissioner to investigate.
People may also wish to start a class action against Air Canada in this situation.”
Cyber security is becoming a big issue in Canada, where a recent report from Deloitte mentioned that many cyber security jobs in Canada go unfilled due to lack of experienced professionals.