Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Canada Privacy Security

Air Canada Mobile App Breach Affects 20,000 People (www.cbc.ca) 15

Posted by BeauHD from the locked-down dept.
Air Canada told customers in an email today that the personal information for about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app. As a precaution, the airline locked down all 1.7 million accounts until customers change their passwords. CBC.ca reports: The app stores basic information such as a user's name, email address and telephone number, all of which could have been improperly accessed. Any credit card information on file would have been encrypted and as such protected, the company says. But additional data such as a customer's Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed, if users had them saved in their profile on the app. Air Canada said it hasn't detected any improper log-in activity since last Friday, and it is in the process of contacting the 20,000 people directly affected.
This discussion has been archived. No new comments can be posted.

Air Canada Mobile App Breach Affects 20,000 People More

Air Canada Mobile App Breach Affects 20,000 People

Comments Filter:

  • they need to give free identity monitoring (Score:3)

    by Joe_Dragon ( 2206452 ) on Wednesday August 29, 2018 @07:06PM (#57221066)

    as some of that info can be used for fraud

  • The article shares little details. The so called app flaw seems to be a flow in server-side API, but we are not told about its nature and criticity.

    • Re: (Score:2)

      by chrish ( 4714 )

      The email they sent out was similarly useless. "Someone was up to no good, but nobody needs to worry about anything!"

      Also, the link they provided to change your credentials doesn't work. I didn't want to do it via the app because I use a password manager, and doing useful things on a touch device is a pain in the ass.

  • I'd think Ryanair would be the first.

  • Air Canada states they haven't detected any improper login attempts, etc since the breach was discovered.

    They probably aren't going to either ... people who steal credentials from insecure servers generally wait about six months before they use the data against the victims. This makes the source of the purloined data more difficult to detect.

    Unlike in the US, Canadian Social Insurance Numbers (equivalent to Social Security numbers in the US) are not generally used as ID. The Government of Canada warns citiz

Slashdot Top Deals

The use of money is all the advantage there is to having money. -- B. Franklin

Close