The company mentions having found “unusual activity”
Air Canada has forced a password reset for users of its mobile app after identifying unauthorized access attempts that could have compromised personal data for up to 20K customers, as reported by cyber security organization experts. The airline claimed to have discovered an “unusual log in behavior” between August 22 and 24.
The company claims it has been taking steps to block these attempts, in addition to implementing further security protocols to block future events. “As an additional security measure, we have blocked all Air Canada’s mobile app accounts to protect our customers’ data,” the company spokespersons said.
Last Wednesday the company began to notify the affected users, who represent 1% of the total customers of its mobile apps, and said that it trusted that the incident had not affected other customers or services.
All credit card information is encrypted in order to meet the terms of the Payment Card Industry Data Security Standard (PCI DSS), but the airline has also asked customers to review their transactions with their financial institutions on a regular basis for any possible fraud attempt.
“We ask all users of the Air Canada mobile app to restore their passwords to further improve security measures”, says the company’s statement. “A better-built password provides an additional protection layer”.
Cyber security organization experts from the International Institute of Cyber Security questioned why the airline still relies on password-based authentication for customers when multi-factor authentication is the industry's best practice. “Why doesn’t the airline care about establishing better security measures? If you are dealing with sensitive personal information, why have you not implemented multiple-factor authentication mechanisms for your users?” experts said.
These are relatively simple measures that could and should have been implemented before the events at Air Canada.
Some of the potentially leaked data could fetch significant sums in clandestine trade forums. As threats continue to spread and intensify, end-to-end security is key; organizations must focus on their wireless, mobile, and cloud networks, as well as on employee awareness, to harden every possible attack vector.
It is not yet confirmed whether the incident arose as a result of a security breach on Air Canada systems or whether hackers decrypted user information using previously compromised data.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.