Air Canada reports data breach, employee data affected


Air Canada has suffered a cyberattack in which some employee information was accessed. 

The news was confirmed by the airline itself, via a press release published on the company’s website, where a statement revealed, "an unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records." 

The airline’s operations continued as usual, as neither internal nor external systems were affected by the incident, the company confirmed. Customer information was also not tampered with.

Missing details

"We have since implemented further enhancements to our security measures, including with the help of leading global cyber security experts, to prevent such incidents in the future as part of our ongoing commitment to maintaining the security of the data we hold," the company added.

The police and other relevant organizations have been notified, the announcement concludes. 

Other than this, Air Canada did not disclose further details, meaning there are quite a few unanswered questions. For example, we don’t know who the threat actors behind the incident were, or what they were actually after. We don’t know how they managed to infiltrate Air Canada’s systems: whether this was a successful phishing attack, or a zero-day vulnerability abused through malware. Finally, we don’t know if this was a ransomware attack, although, given that the company’s systems remained operational throughout the incident, it’s unlikely.

We do know that this is not Air Canada’s first rodeo. In 2018, BleepingComputer notes, profile information of 20,000 mobile app users was accessed, forcing the company to lock out 1.7 million mobile app accounts until the issue was resolved.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.