Air Canada has confirmed that personal information of about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app a few days ago.
The airline sent its customers an email after it was forced to lock down access to its app when its cyber-security team detected unusual log‑in behaviour between Aug. 22‑24, 2018. In the email, Air Canada told customers that it "recently detected unusual log‑in behaviour on its mobile app” and had hence acted to restrict access to its vast database.
We’re confirming Air Canada App users need to reset their passwords. Due to high volumes some customers may be experiencing delays in doing this. Customer information is protected. Thank you for your patience. More information for AC App users is here: https://t.co/rLODRWM77B
— Air Canada (@AirCanada) August 29, 2018
The company estimates that personal data of about one per cent of the 1.7 million people who use its mobile app may have been compromised. Credit card information on file would have been encrypted and is hence protected, the company says. In addition, it warned the following details may have been compromised if they had been saved on the app if the passenger used it to check-in online:
- passport number
- passport country of issuance
- passport expiration date
- country of passport issuance
- country of residence
- birth date
Passengers who use the airline’s app have been asked to reset their passwords to gain access to their accounts while the company is working to strengthen the security of its app.
Experts warn that the theft of such information would pose a serious ID fraud risk. Social security numbers, passport details and other personal identity factors can be stolen and sold on the dark web, or used by criminals for quick and easy profit gain.
According to Javelin Strategy, the number of identity theft victims in the U.S. rose to 16.7 million in 2017. The cost of all of that lost data amounts to over nearly $17 billion. 2017 was not the worst year for identity theft losses so far, however. By comparison, 2012 was the highest at a loss value of $21.8 billion.