Connect with us

Hi, what are you looking for?


Air Canada suffers major app data breach of 20,000 customers

Air Canada has issued a warning to users of its booking and checking-in app that those who had entered their passport details into the app may well have have had that data stolen through a cyberattack. This places those who entered their details at serious risk of identity theft and subsequent identity fraud. It is believed approximately 20,000 customers may have had their data stolen. Air Canada is the flag carrier and the largest airline of Canada by fleet size and passengers carried.

Profile data, such as names, email addresses, Aeroplan number, passport numbers, NEXUS numbers, Known Traveler numbers, genders, dates of birth, nationalities, passport expiration dates, passport countries of issuance and countries of residence can all be added to the app.

It is not yet clear how the data attack happened, CBC reports. The public became aware of the issue after Air Canada informed its customers via an email that it “recently detected unusual log‑in behavior with Air Canada’s mobile App between Aug. 22‑24, 2018.”

Air Canada has been criticized by industry commentators over its relatively weak security system, especially in relation to its password system. According to Amit Sethi, who is a security consultant at Synopsys, Air Canada only requires passwords to contain between six and 10 characters and that it only accepts letters and numbers, but no other symbols. This means, Sethi states in an interview with the BBC over the issue: “Many users will choose short and easily guessable passwords. Moreover, users that want to use strong passwords cannot do so.”

This weak password controls place Air Canada outside of the Canadian government’s own cyber-security advice, all passwords should “include at least one character that isn’t a letter or number” and be a minimum length of eight characters.

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


Read the fine print carefully and understand the implications of acquiring credit card debt before signing up, check the legitimacy.

Tech & Science

This meant that the trust in that key was a forever kind of trust, one you couldn’t suddenly revoke.

Social Media

Conspiracy theories about the assassination attempt on Donald Trump received tens of millions of views on X, researchers said.


The brand managed to change the meaning of the word 'pilota' in the Michaelis dictionary.