Due to a cybersecurity breach on a Canadian airline app, about 1.7 million users will need to change their passwords.
Air Canada announced on August 28 that the company detected unusual login behaviour on their mobile app between August 22 and 24. The airline took immediate action to block the unauthorized attempts and added more protection protocols. Furthermore, all Air Canada mobile app accounts have been locked as a precaution to protect customer data.
All Air Canada mobile app users will receive emailed instructions or a login prompt to reset their accounts. Some delays in changing passwords may be experienced due to high volumes of usage.
There are approximately 1.7 million users of the app and the company has determined through an investigation that about one percent (or 20,000 profiles) could have potentially been accessed. Beginning today (August 29), any potentially affected customers will be contacted directly by email.
According to the company, all credit card information is protected through encryption though they still recommend monitoring credit accounts.
Aeroplan passwords are not stored on the mobile app.
If passport information was stored on a profile, the federal government advises that the risk of a third-party obtaining a passport in someone else's name is low if you still have your passport, proof of citizenship, and supporting identity documents.
Information that could have been stored on profiles includes name, email address, telephone number, Aeroplan number, passport number, NEXUS number, known-traveller number, gender, birthdate, nationality, passport expiration date, passport country of issuance, and country of residence.