Can't believe this thread has gone dead. 20,000 customers with stolen passport data and not a peep. Seems like celebrity spotting is more important on AC.

For those affected what, if any, compensation have AC offered. This was a serious breach of personal data.

Well, look at BA, 380,000 people had their personal data etc stolen and Cruz just apologized, essentially a shrug.

By any chance, have you contacted the Federal Privacy Commissioner? Not that they can do anything but perhaps they may have a suggestion.

I'm sure the fine folks of AC FT had better suggestions in this thread.

AC have only offered to cover passport fees, nothing else. Until last week they were advising people on the website that there was no issue with the stolen passport data, no need for renewals. They're now walking back this advice.

Beyond the Privacy Commissioner I'm sure many will be seeking legal advice. Credit card data is one thing but a breach that involves passports and nexus cards, that's a whole other level.

Yep, no matter how many times I reset the password, it just prompts me to do it again.

AC app has been deleted.

I was locked out of the AC website today due to "too many recently failed login attempts". I hadn't logged on in over 10 days. It's possible that the the Aeroplan numbers stolen from the mobile app could be used to hack into the main website. Stupidly Air Canada forces you to use your AP number as your username on the website.

I couldn't agree more... for myself I have filed a complaint with the Privacy Commissioner and started my own legal action. The fact that Air Canada wouldn't even offer credit report monitoring or help with passport fees when I called gave me no other choice.

serious question: Are we being advised to get a new passport by some official body, or is this just some of us being prudent?
frivolous question: Am I meant to move house too? Will AC help? Real estate prices in Vancouver should be within their reach.

Love the frivolous question: Yes new house, Kits please, OK Kerrisdale will do, if you throw in the Lambo or Ferrari..

I'm actually curious about the passport issues.

With a credit card number, expiry date, etc., I know I can make purchases.

What can be done with passport information?

In theory you could forge a basic passport with someone else's name and your photo, but it wouldn't have the chip, which would likely raise the suspicion of any border agent.

On Monday, Canadiancow waited in a huge line to pick up my families' passports and Fedex them to me as a huge favor.

The literally ONE DAY later he posts asking what can be done with passport number and other personal info. hmmm.....

Firstly, a fully forged passport with a chip could be made with the details taken in the breach. The chip is rarely scanned and nobody is validating the digital signature, not even the US.

https://www.wired.com/story/us-borde...ata-for-years/

A passport is considered a root identity, one on which others are based. Once you have the forged passport the sky is the limit really. Social insurance scams, health insurance scams, open a bank account no problem, apply for a loan then vanish. Many business and services will validate your identity without the physical document.

One of the ways to protect yourself is to have the passport replaced. Then the passport number is invalidated and reported to InterPol. That ten second awkward silence as the border agent stares at their computer? That's them waiting to see if there is a hit on their national database or the InterPol SLTD.

Can't believe people are being naive about this, this an extremely serious breach.

Ah, I didn't realize they weren't validating the signature.

But it's definitely scanned a lot. The automated kiosks in Australia and Europe definitely use the data.

And while I can't recall the countries, at least two of the ones I recently visited had my passport photo pop up on their screen after scanning it, so they were pulling that off the chip.

But when it comes to opening bank accounts and such, whether you have the correct passport expiry date, place of birth, etc., is probably much less relevant than having name and date of birth. And the answers to some out of wallet questions.

Believe me, I'm not suggesting this (or any) breach is minor.

But I'm not entirely convinced that getting all the passport data is going to make things much easier than just getting name and DOB.

https://www.vancourier.com/air-canad...ons-1.23434584

Air Canada mobile app data breach spurs class action for Privacy Act violations

After announcing a data breach of its mobile app potentially allowing unauthorized access to up to 20,000 accounts, Air Canada faces a class action for Privacy Act violations.

Foroohar Rafiei of B.C. and Scott Jeremy Hanlon of Ontario filed a notice of civil claim under the Class Proceedings Act in BC Supreme Court on Aug. 31 on behalf of Canadian residents who had an Air Canada mobile+ account or passenger profile with the airline. The airline’s mobile app, according to the claim, allows users to “manage their travel with Air Canada,” allowing mobile booking, check-ins and cancellations, features also available on the company’s website.

Wonder how long it will take to settle and what is the outcome requested ? Monetary payout, data monitoring, Aeropesos,,,,,,,,

Judging by this recently settled class action it could take up to a decade to generate any action and given the uncertainty about FFP/FFM with AC buying AP expect it would be monetary compensation.