Although Air Canada says that a data breach discovered last week only affects 20,000 of its mobile app accounts – including passport details – it’s requiring all 1.7 million users to reset their passwords the next time they login.
Users will see a notice asking them to reset their password as a result of too many failed login attempts the next time they try to log in. In a notice, Air Canada notes that some customers may experience a delay when logging in due to the large volume of account resets.
“We detected unusual login behaviour with Air Canada’s mobile app between Aug. 22 – 24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data,” the notice states. The airline is also contacting potentially affected customers directly.
Air Canada says credit card information and Aeroplan loyalty program passwords were not affected by the breach. But Aeroplan account numbers, as well as name, email address, and phone number information may have been at risk. For app users storing passport information, Nexus information, Known Traveler number, as well as birthdate and nationality details, that data is potentially at risk.
“If you stored your passport information on your profile, the Government of Canada’s passport website advises that the risk of a third party obtaining a passport in your name is low if you still have your passport, proof of citizenship and supporting identity documents. Also, according to the website, the Government of Canada cannot issue a new passport to anyone based on only the information found in a passport,” the notice states.