PAL Airlines – an independent airline based in St. John’s, NB – has launched an investigation into a “data security incident” which may have exposed sensitive customer and employee information.
The airline revealed that the breach is thought to be limited to only one email account, which contains information on the company’s employee pass travel program. The information includes names, dates of birth, and credit card information.
CBC News stated that PAL Airlines will be working with the Federal Office of the Privacy Commissioner of Canada in its investigation into the matter.
The federal privacy commissioner had launched its own investigations into two fairly recent major data breaches – the Equifax Canada and Capital One incidents. Of the two, Commissioner Daniel Therrien came to the conclusion that Equifax failed its privacy obligations to Canadians due to its lack of proper security safeguards; Equifax has since agreed to a compliance agreement wherein it will submit audit reports of its own security to the commissioner over the next six years.
PAL Airlines offered assurances that more information on the incident will be made available as the investigation continues. The company is also in the process of reaching out to those customers who may have been affected by the breach.