Air Canada is requesting a password reset of its entire 1.7 million user base for its mobile app. This was caused from the detection of unusual login behavior between August 22nd to August 24th, leading to suspect that 20,000 user accounts held within the aircraft’s mobile app had been compromised.

The information that may have been leaked within the breach possibly included customer’s passport number; passport expiration date; passport country of issuance and residence; NEXUS number; Aeroplan account number; and personal details such as gender, date of birth, and nationality. Payment card information was protected and not believed to have been exposed in the breach.

It should be noted that Air Canada was able to detect the suspicious login activity almost immediately, which then led to the discovery of the breach.

Proficio Threat Intelligence Recommendations:

  • Log hosted web application activity to enable monitoring and auditing of the app.
  • Have a monitoring solution in place for web application authentication activity.
  • Have a breach notification procedure in place for hosted web applications
  • Users should use secure and complex passwords to protect their accounts

Summary of Details of Breach – Click Here

Recent Blog Posts

Stay Ahead of Evolving Threats

Sign up for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.


Experience Tomorrow’s
Security Today

Request a Demo and Experience Proficio's
Innovative Solutions in Action.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.