Air Canada’s App Gets Hacked, Passport Details of Over 20K Passengers Potentially Compromised
Air Canada has reported a data breach on its mobile app (Photo: Air Canada)

Air Canada has confirmed that personal information of about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app a few days ago.

The airline sent its customers an email after it was forced to lock down access to its app when its cyber-security team detected unusual log‑in behaviour between Aug. 22‑24, 2018. In the email, Air Canada told customers that it "recently detected unusual log‑in behaviour on its mobile app” and had hence acted to restrict access to its vast database.

The company estimates that personal data of about one per cent of the 1.7 million people who use its mobile app may have been compromised. Credit card information on file would have been encrypted and is hence protected, the company says. In addition, it warned the following details may have been compromised if they had been saved on the app if the passenger used it to check-in online:

  • passport number
  • passport country of issuance
  • passport expiration date
  • country of passport issuance
  • nationality
  • country of residence
  • birth date

Passengers who use the airline’s app have been asked to reset their passwords to gain access to their accounts while the company is working to strengthen the security of its app.

Experts warn that the theft of such information would pose a serious ID fraud risk. Social security numbers, passport details and other personal identity factors can be stolen and sold on the dark web, or used by criminals for quick and easy profit gain.

According to Javelin Strategy, the number of identity theft victims in the U.S. rose to 16.7 million in 2017. The cost of all of that lost data amounts to over nearly $17 billion. 2017 was not the worst year for identity theft losses so far, however. By comparison, 2012 was the highest at a loss value of $21.8 billion.