Air Canada says personal information of 20,000 of its mobile app users may have been affected by a data breach.
In a news release, the airline explained that it noticed “unusual login activity” between Aug. 22-24 and “immediately took action.”
All users of the app — about 1.7 million customers — have been locked out of their accounts until they update their passwords.
Users have also been emailed instructions on how to log in to the app and change passwords.
READ MORE: Canadians say they are ready to ditch passwords for facial, fingerprint recognition
WATCH: Air Canada says 20,000 out of its 1.7 million mobile app users may have had their personal information compromised. As Reid Fiest reports, cybersecurity experts say it’s a lesson not to enter valuable personal information into apps.
The app stores names and contact information, which may have been accessed.
It also may hold information such as passport and NEXUS card numbers, gender, birth date, nationality and credit card numbers.
LISTEN: Tom Keenan, University of Calgary professor and author of ‘Technocreep,’ explains why passwords are quickly becoming outdated
In the coming days, Air Canada is urging customers to monitor their credit card activity and immediately contact their financial institutions if they notice anything unusual. However, the company noted that credit card information is encrypted and therefore protected.
WATCH: Father of passwords regrets past advice
While Aeroplan passwords are not stored on the Air Canada app, it is also asking users to track activity out of precaution.
The federal government explains on its website that the risk of someone unlawfully obtaining a passport under someone else’s name is low, because they need to provide other proofs of identity.
Air Canada added that the breach does not affect those who have an account on aircanada.com.
Customers hitting glitches
Several app users trying to update their login information Wednesday reported delays and glitches in the process.
Customers logging on for other purposes also hit troubles.
Air Canada explained on Twitter that the problems were caused by “high volumes” of customers trying to change passwords at once.
“We ask customers to be patient and assure them their data is protected and not accessible to unauthorized users,” the airline said in a statement. “We apologize for the delay. Please wait several hours and try again.”
WATCH: Air Canada is just latest major company to get hit by a security breach. So how vulnerable is your information in the hands of all these corporations collecting it? Global National’s Robin Gill talks to technology expert Graham Williams of GetConnected for analysis.