Originally Posted by Transpacificflyer

Let's consider what we do know;
Under multiple privacy and public company regulatory laws, Air Canada is obliged to declare if and when it has been hacked and the confidential information of customers or suppliers has been accessed and potentially stolen. Some jurisdictions require the target of such attacks to provide advisory and credit monitoring services to victims. Air Canada does store passport and visa information in addition to credit card data.
I am confident that if an event involving unauthorized access to confidential client data occurred we would know about it. While Canada is not known for protecting the rights of consumers, the EU and the USA do care.