Passport details potentially lifted from Air Canada app

Airline said it has contacted customers about the data breach


Air Canada has issued a warning on its website that its app has suffered a data breach that may have resulted in the theft of personal data belonging to thousands of its customers.

The airline has undertaken an investigation into "unusual" login behaviour on its app, which has approximately 1.7 million users; 1% of them, or 20,000 profiles, may have been improperly accessed.


"We detected unusual login behaviour with Air Canada's mobile App between Aug 22 and 24, 2018," a spokesperson said on the company's website. "We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts."

The airline said customer privacy and the protection of their data is extremely important. It stressed that it has multi-layered security and that it works with leading industry experts to continuously improve company practices with technology and security procedures.

According to the website warning, all credit card information is protected by encryption, but customers are being advised to monitor credit card transactions and contact financial services providers immediately if they become aware of any unusual or unauthorised activities.

As an additional security precaution, all Air Canada mobile app accounts have been locked to protect customers' data, but basic profile data for many of its users could potentially have been taken, including names, email addresses and telephone numbers. There is also a worry that extra information added by users, such as passport details, has been accessed.


Airline apps are generally a lot smarter than they used to be, with the boarding pass, video playback and payment functionality being added to the usual frequent flyer points display. And all of those advanced features have to work on a plane, which is largely an offline environment, where network-based security tools won't help.

"The security models for many airline apps haven't evolved along with the user features," said Winston Bond, senior technical director EMEA at Arxan Technologies.

"We would expect to see the strong level of app protection that gets applied to mobile wallet apps and commercial video playback apps, but airline apps are still not being obfuscated and they still store all the offline data in unencrypted databases. It isn't hard for an attacker to reverse engineer these apps and work out how to extract all the user data."

This is the latest data breach resulting from a company app. Last month, social media app Timehop became the victim of a "network intrusion" that affected some 21 million of its users because it didn't have multi-factor authentication.
