Air Canada has suffered a cyberattack in which some employee information was accessed.
The news was confirmed by the airline itself, via a press release published on the company’s website, where a statement revealed, “an unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records.”
The airline’s operations continued as usual, as both internal and external systems were not affected by the incident, the company confirmed. Customer information was also not tampered with.
Missing details
“We have since implemented further enhancements to our security measures, including with the help of leading global cyber security experts, to prevent such incidents in the future as part of our ongoing commitment to maintaining the security of the data we hold,” the company added.
The police and other relevant organizations have been notified, the announcement concludes.
Other than this, Air Canada did not disclose further details, meaning there are quite a few unanswered questions. For example, we don’t know who the threat actors behind the incident were, or what they were actually after. We don’t know how they managed to infiltrate Air Canada’s systems, was this a successful phishing attack, or a zero-day vulnerability abused through malware. Finally, we don’t know if this was a ransomware attack, although, given the fact that the company’s systems remained operational throughout the incident, it’s unlikely.
We do know that this is not Air Canada’s first rodeo. In 2018, BleepingComputer reminds, profile information of 20,000 mobile app users was accessed, forcing the company to lock out 1.7 million mobile app accounts until the issue was resolved.
Via BleepingComputer
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews