Air Canada has revealed that a security breach, affecting 20,000 customers, may have left passport information vulnerable to cyber attackers.

The largest airline in Canada reported the breach on 28 August, and urged users of its mobile app to reset their accounts as a security precaution following “unusual login behaviour”. It has also locked all Air Canada mobile app accounts to protect customer data.

Of the 1.7 million Air Canada mobile app users, the airline has reported that approximately 1%, or 20,000 profiles, may potentially have been improperly accessed.

As well as users’ names, email addresses and telephone numbers, Air Canada has confirmed that more sensitive information, including passport numbers, may be included in the breach. Credit card information, however, is encrypted and therefore not at risk.

According to the BBC, the Air Canada data breach may have been caused by a weak password system. Air Canada’s mobile app only requires passwords to be between six and ten characters, and does not allow symbols, making passwords easy to guess. The airline has said that it has since implemented “improved password guidelines” designed to “further enhance security measures”.

In a statement, the airline said:

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“We detected unusual login behaviour with Air Canada’s mobile App between August 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorised attempts. As an additional security precaution, we have locked all Air Canada mobile app accounts to protect our customers’ data.”

Air Canada data breach is the latest in a series of breaches

The Air Canada data breach is just one in a long line of similar cyber-attacks. Just last week, telecom company T-Mobile confirmed that it had suffered a security breach on its US servers, exposing the personal data of up to two million customers.

Earlier this month, Butlins, a UK holiday camp, also admitted that the details of 34,000 customers, including addresses and telephone numbers, may have been stolen.

This follows the news that data breach complaints made to the Information Commissioner’s Office have increased by 160% since the General Data Protection Regulation (GDPR) came into force in May.

The sheer number and scale of recent breaches calls the security practices of the companies involved into question. Last year, a report from Identity Theft Resource Center and CyberScout revealed that data breaches in the US hit a record high in 2017, increasing by 29% in the first half of the year.

Furthermore, a survey by software and cyber-security company OGL found that 51% of businesses thought they wouldn’t be able to cope with a data breach.

Commenting on the T-Mobile data breach, Chief Security Strategy Officer, SecureData Charl van der Walt, believes that the problem of data breaches could take years to untangle:

“No doubt the causes of this breach will be scrutinised in minute detail to determine whether, how and to what extent T-Mobile is responsible for this loss, and regulatory fines, SEC penalties and civil law suits may all follow. But none of this is likely to change the fundamental fact that billions of these kinds of records are being leaked to the Internet at a growing rate with all the implications for privacy, digital security and person safety that that brings.

“Addressing the problem of personal data leaks will take years or decades even and will require political will and deep commitment from business, government, and the security industry.”