Another major exploit
If you fly Air Canada and use their mobile app, it may be time to change your password. The company recently announced that between August 22nd and August 24th of this year, they detected "unusual log-in behavior," and that a small fraction (some 20,000) of their 1.7 mobile app users may have had their data compromised as a result.
The company stressed that no credit card information was compromised, but that doesn't make the breach much less damaging.
The exposed data included:
- Customer name
- Physical address
- Email address
- Phone number
- Any information an individual customer added to his or her profile
Worst of all is the fact that passport numbers were also exposed. Using that information, a hacker could easily gain access to the countries that a person has been to, when the passport expires, country of residence, the flight numbers of any flights they've taken, their gender, birthday and more.
As is usually the case when events like this occur, Air Canada has apologized to their customers and has reached out to all of their potentially impacted users.
Even if you didn't get a notification from Air Canada, it would be prudent to change your password as soon as possible.
The company has not released any details about exactly how the breach occurred, and the matter is still under investigation.
Our perspective
Note that in terms of scope and scale, this is a fairly small breach. The 20,000 users represent about 1 percent of the total user base. Even so, the data stolen has the potential to be quite damaging. Even after you change your password, since email addresses were compromised during the breach, be on the alert for phishing emails, as the group responsible may attempt to leverage the information they have to get even more.
The author
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.
Denis S Wilson
I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.
I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.
Contact me if you would like me to speak at your meeting.
Meanwhile, check out this report
Executive Report: 10 Hidden IT Risks That Might Threaten Your Business