Air Canada issues Q&A in wake of mobile app data breach

Air Canada issues Q&A in wake of mobile app data breach

MONTREAL — Air Canada says travellers can use Air Canada’s mobile app and mobile products with confidence and has posted a Q&A for any clients who have questions about this week’s data breach.

As reported yesterday at Travelweek.ca, up to 20,000 Air Canada customers may have had their personal information improperly accessed due to a breach in the airline’s mobile app. The breach prompted a lock-down on all 1.7 million accounts until consumers change their passwords.

Air Canada says it detected “unusual login behaviour” with the app Aug. 22 – 24. “We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.”

Clients are advised to follow emailed instructions to reactivate their Air Canada mobile App account, or follow the prompts the next time they log into the app.

Air Canada is assuring clients that their credit card information is protected. It also notes that Aeroplan passwords are not stored on the app.

For clients who stored passport information on their profile, the Government of Canada’s passport website advises that the risk of a third party obtaining a passport in the client’s name is low, if they still have their passport, proof of citizenship and supporting identity documents.

The website also notes that the Government of Canada cannot issue a new passport to anyone based on only the information found in a passport.

“Your privacy and the protection of your data are extremely important to Air Canada.  Our security is multi-layered, and we work with leading industry experts to continuously improve our practices as technology and security procedures evolve.”

Here’s the Q&A Air Canada issued in the wake of the breach:


Q: What happened?

A: “We recently detected unusual login behaviour with Air Canada’s mobile app between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to block further repeated unauthorized attempts. As an additional security precaution, we have locked all Air Canada mobile app accounts to protect our customers’ data.”

Q: How many customer user profiles are affected?

A: “There are approximately 1.7 million Air Canada mobile app user profiles, and our investigation has determined that approximately one per cent or 20,000 profiles may potentially have been improperly accessed.  We are contacting potentially affected customers directly.”

Q: What steps have you taken?

A: “In addition to taking immediate action to block these attempts to gain unauthorized access, we have locked all Air Canada mobile app user accounts as a precaution.

“We contacted potentially affected customers directly by email starting Aug. 29 to tell them if we determined their account may potentially have been accessed improperly.

“We are also requiring all Air Canada mobile app users to re-set their passwords using improved password guidelines to further enhance security measures. A more robust password provides an extra layer of protection.”

Q: How do I know if my account has been improperly accessed?

A: “Starting Aug. 29, 2018, we have sent emails to customers whose accounts may have been improperly accessed.

“If you did not receive an email from Air Canada specifically advising you that your Air Canada mobile app account may have been improperly accessed, we are confident your account was unaffected during this period.  As an additional precaution however, we are contacting all Air Canada mobile app users requiring all users to re-set their passwords.”

Q: What type of user information is on the Air Canada mobile app?

A: “Basic profile data stored on the Air Canada mobile app account includes your name, email address, and telephone number.

“Information that you may add to your profile includes: Aeroplan number, Passport number, NEXUS number, Known Traveler Number, gender, birthdate, nationality, passport expiration date, passport country of issuance and country of residence.

“Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards.”

Q: Is my credit card information protected?

A: “Your credit card information is protected. Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards.  As a best practice, customers should always monitor their transactions and credit rating carefully and contact their financial services provider immediately if they become aware of any unusual or unauthorized activities.”

Q: Is my Aeroplan information safe?

A: “Your Aeroplan password is not stored in the Air Canada mobile app.  As a precaution and as a best practice, we recommend customers always review all transactions regularly, and immediately report any irregular or unfamiliar transactions to Aeroplan immediately.”

Q: Is my passport information safe?

A: “According to the Government of Canada’s passport website, the risk of a third party getting a passport in your name is low if you still have your passport, proof of citizenship, and supporting identity documents. Also according to the website, the Government of Canada cannot issue a new passport to anyone based on only the information found in a passport.”

Q: What should I do to secure my information?

A: “We’ve taken steps to lock down your account, and you can unlock it by following the password reset instructions in the email sent to you, or via the instructions the next time you log into your Air Canada mobile app. It is important to select a robust password as per our instructions when you reset your account.

“We recommend customers regularly review their financial transactions, be aware of any changes in their credit rating, and contact their financial services provider immediately if they become aware of any unusual or unauthorized transactions.

“Customers should also review Aeroplan transactions and contact Aeroplan immediately if they become aware of any unusual or unauthorized activities.

Q: Can I trust Air Canada’s mobile app and its other systems?

A: “The security of Air Canada’s systems is of paramount importance, and Air Canada takes security of its customers’ privacy and data very seriously. Air Canada approaches security in a multi-layered manner, and we also work with leading cyber security and industry experts to detect irregularities and take action quickly. We continuously improve our practices as technology and security practices evolve. Customers can continue to use Air Canada’s mobile app and mobile products with confidence.”

Q: I have an account on aircanada.com.  Is that account affected?

A: “No, your aircanada.com account is not linked to your Air Canada mobile app account.”


The number to call for more information is 1-855-541-0738.