Air Canada has confirmed a data breach on its mobile app, which the airline said may affect 20,000 people — or 1 percent — of its 1.7 million app users.
The company said it had “detected unusual log-in behavior” occurring between August 22-24.
According to an email to customers, attackers may have accessed basic profile data, including names, email addresses and phone numbers — but also more sensitive data that users may have added to their profiles, including passport numbers and expiry date, passport country of issuance, NEXUS numbers for trusted travelers, gender, dates of birth, nationality and country of residence.
But credit card data was not accessed, the airline said.
It’s not known if there was a direct breach of Air Canada’s systems or if hackers attempted to reuse passwords from other sites that may have also been used on Air Canada’s mobile app.
When reached, an Air Canada spokesperson did not comment on the breach, referring only to a FAQ on the airline’s website.
Air Canada joins the ranks of other airlines that have admitted data breaches in recent months. Delta said earlier this year that customer data was stolen after a security lapse at one of its third-party customer support service vendors. And, last year Virgin admitted it a hacker broke into its internal network, prompting the company to force-reset staff passwords.