October 23, 2019

Aeroplan members required to reset passwords

While Aeroplan systems have not been compromised and your Aeroplan miles if any, are unaffected, we have however, seen some evidence of suspicious login activity with credentials stolen from various external privacy breaches unrelated to Air Canada or Aeroplan. As a consequence, Aeroplan is requiring all members who have not reset their passwords since Aeroplan upgraded its customer log-in process on Sept. 10, 2019 to do so prior to accessing their Aeroplan account.

Members who have not reset their passwords will receive an email from Aeroplan requesting that this be done.

As is common practice, Aeroplan will contact any member directly if we determine their information may have been inappropriately accessed.

Your privacy and protection of your data are extremely important to us, which is why we’re requiring you to change your password.

To change your password:

Step 1. Visit the Forgot Your Password page, here, or access via Aeroplan.com > Login > Password - HELP.

Step 2. Follow a few prompts to verify it’s you, including your Aeroplan number. You can retrieve your Aeroplan number via Aeroplan.com > Login > Aeroplan Number - HELP.

Step 3. Update to a more secure password following the prompts on the page.

Some questions you may have are below with our answers.

I changed my password when Aeroplan implemented its new log-in system in September. Am I required to change my password again?
If you already changed your password after Aeroplan upgraded its customer log-in process on Sept. 10, 2019, then your account is safe. There is no requirement to take any action, as your password meets Aeroplan’s new standards.

What information is on my Aeroplan profile?
Your profile stored on your Aeroplan account may include your name, gender, birthdate, email address, home address, telephone numbers, and additional customer information.

No credit card, passport or NEXUS information was exposed during the recent suspicious activities.

Is my information protected?
We have several industry-leading safeguards in place to ensure your information is kept safe. However, we also require you to ensure your Aeroplan password is unique and robust to provide an extra layer of protection.

What can this information be used for?
It is unlikely that the information in your account could be used for identity theft. There is a possibility this information if accessed, can be used to phish for more information. Phishing scams are commonly used by fraudsters to contact people by email, telephone or text message posing as someone from a legitimate institution to trick people into providing sensitive data such as personal information, banking and credit card details, and passwords.

How many member accounts may have been accessed through these suspicious log‑ins?
A very small fraction of one percent of member accounts. Aeroplan is contacting this small number of potentially affected members directly.

What are my next steps?
Reset your password by following the prompts the next time you log-in to Aeroplan, or you may also go directly to the Aeroplan site to reset your password. You will find tips to reset your password. The implementation of a unique and more robust password provides you with an extra layer of protection.

Is there anything else I should do?
Protecting your information is a top priority, and we have a number of safeguards in place to ensure your information is kept safe and will be adding additional measures shortly such as Multi-Factor Authentication (MFA) as an additional layer of security. MFA requires an independent verification method via either email or phone to confirm your identity.

As a best practice, we also recommend Aeroplan members review all transactions regularly and immediately report any irregular or unfamiliar transactions to us immediately.

Additional information
Your privacy and the protection of your data are extremely important to us. Our security is multi-layered, and we work with leading industry experts to continuously improve our practices as technology and security procedures evolve. You can continue using Aeroplan with confidence.