Canada’s largest airline confirms its mobile app data has been breached.
The airline’s customers who use the Air Canada mobile app, have been notified about a cyberattack that occurred at some point last week during August 22 – 24.
An estimated 20,000 of its 1.7 million app users may have been affected.
As many as 20,000 Air Canada mobile app users have been affected, according to the company. This is approximately 1% of its 1.7 million app users. The airline became aware of the app data breach when it noticed “unusual” login behavior.
Air Canada reached out to its customers via email, letting them know of the cyberattack. In the email, the company stated that the attackers may have gained access to basic user profile data. This includes names, phone numbers and email addresses.
However, the attackers might have also accessed more sensitive user data, such as gender, date of birth, country of residence, and nationality, as well as passport numbers and expiry date, passport country of issuance, and NEXUS numbers for trusted travelers.
Credit card data wasn’t accessed in the Air Canada mobile app data breach.
Although sensitive information may have been stolen by whoever hacked into the airline’s mobile app, apparently credit data was not among the information that was stolen.
Air Canada is still investigating the cyberattack and has yet to determine if there was a direct breach of its systems or if hackers merely attempted to reuse passwords from other sites that may have also been used on the company’s mobile app.
Principal research scientist at cybersecurity firm Sophos, Chester Wisniewski, thinks that it is not likely Air Canada was targeted by hackers. Instead, he thinks the breach was the handy work of an enterprising cybercriminal.
“I suspect hackers stumbled across a bug in the API,” he said, as reported by CBC News. “I don’t think they were targeting Air Canada or they were intent on stealing specific info, there’s a lot of hackers who are just scrolling the internet looking for doors that are ajar. If they find a door that’s open they start monkeying around.”
Wisniewski believes any stolen information isn’t likely to cause problems. That being said, he does think that the security of the Air Canada mobile app could be improved.