A security vulnerability affecting 16 companies worldwide, including Air Canada, the CN Tower, and the San Diego Zoo, has potentially revealed the unencrypted credit card data of hundreds of thousands of customers, according to a report by threat detection firm Wandera.
The vulnerability, which Wandera dubbed "CardCrypt," stems from the companies' failure to effectively encrypt their customers' credit card data. The 16 global companies, including numerous airlines, failed to effectively encrypt traffic to the payment portion of their websites and apps.
According to Wandera, the 16 affected companies, which are listed below, serve a combined 500,000 customers a day, meaning information on hundreds of thousands of credit cards may have been exposed while the vulnerability was present.
The 16 companies currently affected by the security vulnerability are:
| Company | Country | Sector |
|---|---|---|
| Aer Lingus | Ireland | Air Travel |
| Chiltern Railways | UK | Rail Travel |
| Dash Card Services | UK | Parking Services |
| KV Cars | UK | Taxi Services |
| 1Robe.fr | France | Weddings & Bridal |
| Oui Car | France | Taxi Services |
| San Diego Zoo | US | Zoo |
| Air Canada | Canada | Air Travel |
| CN Tower | Canada | Tourist Destination |
| American Taxi | US | Taxi Services |
| Tribeca Med Spa | US | Health & Wellness |
| Sistic | Singapore | Events & Ticketing |
Although it is currently unknown whether any credit card information has been accessed by an unauthorized third party, customers of the aforementioned companies should take steps to secure their information, including potentially cancelling any affected credit cards and monitoring their accounts for any suspicious activity.
Wandera says the breach may have compromised information including credit card numbers, CVVs, passport details, vehicle registration information, email addresses, billing addresses, and phone numbers.
Wandera has called on all affected companies to implement proper security protocols and encryption in their services. Chiltern Railways, the San Diego Zoo, CN Tower, Aer Lingus, easyJet, and Air Canada have confirmed that they have resolved the issue and fixed their security vulnerabilities.