E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: NationalPost.com

Posted on July 28, 2003

      Members of Air Canada's frequent flyer program, Aeroplan, had crucial personal information -- such as their phone number, e-mail address and recent account activity -- made available on the plan's Web site this weekend due to a technical glitch.

      Those who visited the Web site on Saturday were able to view the profiles of other aeroplan members.

      The information available included: the person's name; home address; telephone numbers; date of birth; date of joining Aeroplan; the balance; and account activity, such as number of reward flights taken.

      However, credit card numbers and Web site passwords were not available.

      Air Canada said the problem resulted from a glitch in its technical network, and was not the result of hackers tapping into the system.

      Some Aeroplan members who were aware of the security breach and informed Air Canada are angry because they allege it took the airline roughly two hours before it shut down the Web site -- enough time for people to gather data for marketing purposes.

      "I called five times," said Arnie Aberman, an Aeroplan member who claims to have discovered the problem at about 5:30 Saturday morning. "And they told me, 'It wouldn't be done until 8 a.m. because no one is on call.' It was ridiculous.

      "That is the real scandal," said Mr. Aberman, a former dean of medicine at the University of Toronto.

      "For a company like that to not have 24-hour coverage of a Web site ... I can't believe it."

      Laura Cooke, a spokeswoman for the Montreal airline, said yesterday IBM Canada, which runs Aeroplan's computer system, was aware of problems with the Web server.

      "They endeavoured to correct, or amend, the glitch in real time, but when it became apparent that was not possible, they actually shut down the site," Ms. Cooke said, adding that information that's deemed to be secure -- such as credit card numbers and the passwords to enter online Aeroplan accounts -- was "never compromised."

      Ms. Cooke said 50 bookings were made on the Aeroplan Web site at the time IBM was trying to fix the computer glitch. Air Canada and IBM conducted an audit and confirmed the appropriate accounts were either credited or debited. "That proved to us, again, the secure server was functioning."

      Nevertheless, the security breach raised concerns among privacy experts.

      "This is pretty serious -- that someone can go to a Web site and find out a lot of information about other people who haven't agreed to make [it] public," said Darce Fardy, head of Nova Scotia's privacy office. "When people join Aeroplan, they assume any information they give will be kept secure."

      A recent Statistics Canada study indicated that more than 75% of Canadians who use the Internet for shopping worry about privacy and security.

      Aeroplan has about six million members, making it one of the biggest loyalty programs in the country. Members accumulate points either by flying on Air Canada or making purchases with certain credit cards. About 1.4 million round trips were redeemed for travel through Aeroplan, on either Air Canada or a Star Alliance partner, in the past year.

      Some members, such as Mr. Aberman, are furious over this past weekend's security breach, judging by postings on a Web chat room dedicated to frequent flyers.

      "I am not too concerned about [Aeroplan] status and balances -- but my address and phone numbers, that is a different story," said one participant.

      Added another: "Air Canada has one of the single largest repositories of personal information in the Canadian private sector, yet do not even have 24-7 technical support on their network systems? This is truly embarrassing."

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.