Security & Privacy

Air Canada warns 20,000 customers of unusual log-in behaviour in its mobile apps

Air Canada plane

Last week, Air Canada announced plans to partner with TD Bank, CIBC, and Visa to acquire Aeroplan for $2.35 billion. However, today, the airline has informed customers of ‘unusual log-in behaviour’ on its mobile app.

According to an email received by MobileSyrup, one percent of the 1.7 million Air Canada mobile app users were notified that their account may have been compromised and personal information may have been stolen, such as name, username, telephone number and email address. In total, approximately 20,000 user profiles have been notified.

Air Canada’s mobile apps are available on iOS, Android and BlackBerry devices.

“During our investigation, we determined during the time period from Aug. 22-24, 2018, approximately one per cent or 20,000 user profiles of our 1.7 million Air Canada mobile App accounts may have been improperly accessed. We have since determined your user profile is among these accounts,” reads the notice to those affected.

“Basic profile data stored on the Air Canada mobile App account includes your name, email address, and telephone number. Information that you may have added to your profile includes Aeroplan number, Passport number, NEXUS number, Known Traveler Number, gender, birthdate, nationality, passport expiration date, passport country of issuance and country residence.”

air canada data breach

Air Canada noted that credit card information is encrypted and secure. In addition, Aeroplan details are not stored within the app and not impacted by these ‘unauthorized attempts’ within its mobile app.

Catherin Dyer, Air Canada’s SVP and CTO, suggests users immediately reset the password on the account and apologizes for ‘any concern or inconvenience this may cause you.’

MobileSyrup has reached out to Air Canada for further comment and will update this article as needed.