Back to Data breach

Data breach

Air Canada mobile app data breached

Between August 22-24, 2018, Air Canada detected unusual login behavior on its mobile app. These malicious login attempts ended up exposing the personal data of around 20,000 registered mobile app users, including details like name, email address, and phone number. Other profile information that may have been compromised includes users' Aeroplan numbers, passport numbers, NEXUS numbers, and known traveler numbers.

How did Air Canada respond?

As soon as the incident was discovered, Air Canada locked all mobile app user accounts to protect user data. It also notified potentially affected customers about the breach and emailed them steps for unlocking their accounts. To enforce an additional layer of security, password guidelines were evaluated and improved, and customers were asked to reset their passwords to meet these new guidelines. To further prevent similar incidents in the future, Air Canada has implemented additional protocols in its security system.

Fortunately, users' credit card information and Aeroplan passwords were not compromised. Air Canada had encrypted users' credit card information compliance with PCI standards, and users' Aeroplan passwords were not stored in the app. The company's practice of separating mobile app and web application accounts ensured that accounts created on aircanada.com were not affected by the breach.

How can ManageEngine help?

Such incidents can be thwarted with the help of ManageEngine ADAudit Plus. It provides real-time monitoring of user logon activities and sends instant email alerts upon detecting anomalous activity. It also offers preconfigured reports on user logon actions such as:

  • Logon failures.
  • Recent user logon activity.
  • Failures due to bad passwords.
  • Failures due to bad user names.

Get started today with your free, 30-day trial.

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.