So much for flying the friendly skies. This past month, Air Canada announced that a minimum of 20,000 Canadian residents using its airline had their PII (Personally Identifiable Information) stolen. The PII was stolen from Air Canada mobile app accounts. Immediately after discovering the breach, Air Canada released a notice to its app users: “…we have locked all Air Canada mobile App accounts to protect our customers’ data.” However, those customers caught in the hack have much bigger worries than accessing a locked app.

The hack was first noticed after a high incidence of “unusual login behavior” was detected. Air Canada acted immediately by informing customers who may be affected and by locking their apps and posting a notice on its website. The Air Canada mobile app welcomes users to store an abundance of PII and that’s exactly what hackers stole. Just some of the hacked info includes names, email addresses, birthdates, and unfortunately, passport information. Passports include country of residence, nationality, ID numbers, and expiration dates. Due to encryption, the airline believes no financial data was compromised. For now, what exactly hackers plan to do with that PII is known only to them.

The airline app now requires users to change their passwords to gain access, suggesting they use “robust” passwords. Typically, this means making them at least eight characters and combining upper and lowercase letters with special characters and numbers. Those Air Canada app users can contact Canadian Travel and Tourism regarding the safety of their passport data. However, those 20,000 compromised customers, much like many others whose data was stolen one way or another, also need to be keenly aware of extended and ongoing attacks by hackers using their pilfered PII. Below is one of the most widely used attacks after one’s PII is stolen.

Targeted Phishing Attacks

One of the most frequently successful hack attacks out there is the targeted phishing attack. Hackers use your stolen PII for laser-focused email phishing tactics. They’ll use your stolen PII to send emails with subject lines that look legit and target you personally. After opening the email, users are often asked to click on a link or open attachments. There’s no doubt those links and attachments are laced with malware, and that opens the door to even more data theft. Hackers have no conscience and they will take advantage of stolen PII to steal even more valuable PII. Often, they send phishing emails to victims offering “legitimate” services helping those who were hacked. They often look like they’re from your bank and other financial accounts. Remember this: Never take that bait. If you’re truly concerned about an email’s legitimacy, pick up the phone and call the service in question. Never use a phone number provided in the email; it’s likely connected to the hacker. Vigilance is always necessary, but it becomes even more crucial after one’s data is hacked.