Air Canada has warned customers who use its Mobile+ app to reset their accounts after it discovered a data breach that may have involved passport numbers.

The airline says the breach is believed to have taken place between 22 and 24 August, when it noticed “unusual login behaviour”.

Although Air Canada “immediately took action to block these attempts”, including blocking all accounts on the app, it believes that 20,000 of its 1.7 million user profiles may have been accessed.

Despite the fact that passport details included in these profiles may have been compromised, Air Canada directs customers to the Canadian government’s website, which says that the chance of a third party obtaining a new passport in the customer’s name is low if the passenger still holds the original document and other supporting identity documents.

The carrier also assures customers that their credit card information is encrypted within the app, but advises them to monitor their credit card activity for anything unusual.

If users are members of the Aeroplan loyalty programme, the carrier says their accounts should be safe because their password is not stored in the app, however they are advised to monitor their Aeroplan accounts.

A statement on the Air Canada website includes a link for Mobile+ users to reset their password in order to reactivate their account.

View the full statement here.