31 August Weekly Podcast: Air Canada, Huazhu Hotels, and West Ham FC

In this week’s podcast, we discuss the data breach at Air Canada, Huazhu Hotels, and West Ham Football Club

Hello and welcome to the IT Governance podcast for Friday the 31st of August. Here are this week’s stories.

North American Airline, Air Canada, suffered a data breach resulting in the suspected loss of thousands of its customers’ personal details.

Air Canada detected unusual login activity last week and, took the decision to lock down all 1.7 million accounts, as a precaution. It is believed 20,000 accounts were compromised.

The airline stresses that, because customer’ credit card details were encrypted, they shouldn’t be at risk. However, due to the type of data that was stolen – ID fraud will become a huge risk for those affected.

Stolen data included:

  • passport number
  • passport country of issue
  • passport expiration date
  • nationality
  • country of residence
  • birth date

Prof Alan Woodward, from the University of Surrey commented “The loss of passport data in this breach makes it unusual”

“Like driving licences, passports are considered government-issued ID and it is assumed that only the holder will know the contents.”

Air Canada has stated that those affected have been contacted.


An advert offering 140 gigabytes of data has appeared for sale on a dark web forum, and is believed to include 130 million customer records of a Chinese hotel group.

Huazhu hotels said to the BBC in a statement that it has “called the police without any delay”.

Third-party security companies in China have already reviewed and authenticated the data as being a new cache, rather than a collection of previously-leaked details.

Hotels are a popular target for cyber criminals, due to the type of content required to book a hotel room which usually includes a form of ID and credit or debit card information.

China’s Law on the Protection of Consumer Rights and Interests stipulates that, operators should take measures to safeguard information security, to keep consumers’ private information safe.


West Ham football club, have apologised to their fans, and this time it’s not for their recent performances, but instead a data breach.

An employee of the club “inadvertently” shared “hundreds” of supporter’s email addresses while confirming their successful applications for tickets for the teams match against AFC Wimbledon. This blunder was caused by using the CC field and not the BCC field.

Upon discovering the error, an attempt was made to recall the mass email – but the follow-up email apologising for the error resulted in the email addresses being shared again.

The ICO is aware of the incident and is “making enquiries”.

Well, that’ll do for this week. Until next time you can keep up with the latest information security news on our blog. Whatever your information security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.