Data Breach: Air Canada Tells 1.7 Million Customers to Reset App Passwords

Air Canada is advising customers to reset their passwords on their mobile application after detecting a potential data breach of customer records.

In a notice, Air Canada says that a data breach it discovered last week impacted 20,000 profiles. However, the airline operator is urging all 1.7 million users to reset their passwords.

“We detected unusual login behavior with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts,” Air Canada told its customers.

The lost data includes customers’ passport numbers, NEXUS number of expedited screening, known traveler number, birth date, passport expiration date, passport country of issue and country of residents and the nationality.

Credit card information remains safe, the airline said, due to their encrypted storage in compliance with the security standards by the payment card industry. Further, the airline noted that while some users stored passport information on the app, the data exposed isn’t enough for a new passport to be issued.

“[T]he Government of Canada cannot issue a new passport to anyone based on only the information found in a passport,” Canada’s national airline added.

It appears that a large proportion of customers have taken the suggestion onboard, with large swarms of users attempting to reset the passwords of their accounts and several being told to wait as a result of the traffic.

“Due to the large volume, some customers may experience a delay in the process to change their passwords,” the airline added.

The incident highlights the ever-present dangers of vulnerable servers and portals holding the personal information of millions of individuals and joins a long list of notable data breaches in recent years.

This article originally appeared on LIFARS.com