Daniel Tobok was interviewed by Mike Embley, news anchor at BBC News on August 29, 2018.
Air Canada has had cyber security breaches before, but not with it’s mobile app. Between August 24 and August 26, 2018 that changed. About 20,000 Air Canada customers may have had their personal data exported not by garden variety teenage hackers, but by organized crime. The fancy terms for this is “exfiltrated.”
In addition, about 1.7 million Air Canada customers were locked out of the mobile app, after learning of the data breach. The Air Canada app could not handle volume of people trying to change their passwords.
“First name, last name, phone number, email, these are typically information that is gold to cyber criminals,” said Daniel Tobok, CEO of Cypfer Inc.
“Add to that your NEXUS number, your passport number, your date of birth, and your nationality and you have a treasure trove of information,” added Tobok. “None of the U.S. security services are happy about this breach, because it affects travel to the U.S.”
The Air Canada mobile app did not have so-called 2-factor authentication, which made it both vulnerable and a target for cyber criminals.