Credit Card Data from 16 Travel and Leisure Companies at Risk
On December 9, Wandera reported a security flaw that affected 16 companies from around the world, including airlines such as Air Canada, easyJet, AirAsia and Aer Lingus. The security vulnerability, which Wandera is calling “CardCrypt,” had the potential to reveal the unencrypted credit card information of hundreds of thousands of customers.
Wandera, a company that provides enterprise cloud services and security, found the companies were not fully encrypting information on the payment portion of their mobile websites and/or apps, which is a basic security requirement.
Information that may have been compromised includes credit card numbers, CVVs, passport details, vehicle registration information, email addresses, billing addresses and phone numbers.
These affected companies have a combined 500,000 passengers and customers each day:
|easyJet||Aer Lingus||Chiltern Railways|
|Dash Card Services||KV Cars||PerfectCard.ie|
|1Robe.fr||Oui Car||San Diego Zoo|
|Air Canada||CN Tower||American Taxi|
|Get Hotwired||Tribeca Med Spa||AirAsia|
Although it is unknown whether or not this data was accessed by an unauthorized third party, Wandera suggests that customers of these companies take steps to protect their information, including monitoring accounts for suspicious activity and cancelling any credit cards that could have been affected.
As of today, Wandera reports that easyJet, Chiltern Railways, San Diego Zoo, CN Tower, Aer Lingus and Air Canada have resolved the problem.