If you fly Air Canada and use their mobile app, it may be time to change your password. The company recently announced that between August 22nd and August 24th of this year, they detected "unusual log-in behavior," and that a small fraction (some 20,000) of their 1.7 mobile app users may have had their data compromised as a result.
The company stressed that no credit card information was compromised, but that doesn't make the breach much less damaging.
The exposed data included:
- Customer name
- Physical address
- Email address
- Phone number
- Any information an individual customer added to his or her profile
Worst of all is the fact that passport numbers were also exposed. Using that information, a hacker could easily gain access to the countries that a person has been to, when the passport expires, country of residence, the flight numbers of any flights they've taken, their gender, birthday and more.
As is usually the case when events like this occur, Air Canada has apologized to their customers and has reached out to all of their potentially impacted users.
Even if you didn't get a notification from Air Canada, it would be prudent to change your password as soon as possible.
The company has not released any details about exactly how the breach occurred, and the matter is still under investigation.
Note that in terms of scope and scale, this is a fairly small breach. The 20,000 users represents about 1 percent of the total user base. Even so, the data stolen has the potential to be quite damaging. Even after you change your password, since email addresses were compromised during the breach, be on the alert for phishing emails, as the group responsible may attempt to leverage the information they have to get even more.