Some 20,000 Air Canada customers woke up last week to learn their personal information may have been compromised after a breach in the airline’s mobile app, which prompted a lock-down on all 1.7 million accounts until their passwords could be changed. Air Canada said it detected unusual login activity between Aug. 22 and Aug. 24 and tried to block the hacking attempt, locking the app accounts as an additional measure, according to a notice on its website. One thing is clear: cyberattacks and data breaches, in their many forms, seem to be much more frequent and a sign of our digital age.
Approximately 1.7 million Air Canada customers who use the airline’s web app have been instructed to reset their passwords after the company admitted it suffered a serious security breach. It looks as if at least 20,000 of those customers had data stolen. In a news release, the airline explained that it noticed unusual login activity between Aug. 22-24 and immediately took action. All users of the app — about 1.7 million customers — were locked out of their accounts until they update their passwords.
The company says that Aeroplan numbers, passport and NEXUS numbers, birth dates, nationalities and countries of residence could have been accessed if users saved them in their account profile. In addition, the mobile app stores basic information including a user’s name, email and phone numbers although Air Canada says credit card information is encrypted and would be protected from a breach.Air Canada is urging customers to monitor their credit card activity and immediately contact their financial institutions if they notice anything unusual. Air Canada also added that the breach does not affect those who have an account on aircanada.com. It’s just their mobile app.
We are living in a new world of cybersecurity and privacy awareness and we need to evolve in the way we do business today and into the future. I would think, based on all of the past breaches that most companies who are online and have personal information stored on you are vulnerable. Not even the big tech companies like Apple, Microsoft, and Google are immune to these data breaches. With that in mind, we need to be proactive when using online services these days. To start with, you need to make sure you use different passwords for each and every online service.
First and foremost, make sure you know what businesses have your data and how they use it. If a company informs you of a breach, change your account passwords, be mindful of phishing emails and if you believe your credit or debit card numbers have been compromised, reach out to the credit card company or banking institution and request a new card. Keeping an eye on your credit score for a period of time doesn’t hurt, either.
Here in Canada, there are different regulators responsible to ensure that personal data is managed appropriately. If you feel a company is not using your personal data as per your expectations or if you believe your data has been compromised, you have the right to reach out to the Office of the Privacy Commissioner of Canada. You can find more information on their website at: (https://www.priv.gc.ca).
In the case of complaints around email communications, the Canadian Anti-Spam legislation (CASL) is enforced by the Canadian Radio-television and Telecommunications Commission (CRTC) and they take these complaints very seriously. You can find more information on their website at: (https://crtc.gc.ca)