Air Canada has suffered a cyberattack in which some employee information was accessed.
The news was confirmed by the airline itself, via a press release published on the company’s website, where a statement revealed, "an unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records."
The airline’s operations continued as usual, as both internal and external systems were not affected by the incident, the company confirmed. Customer information was also not tampered with.
"We have since implemented further enhancements to our security measures, including with the help of leading global cyber security experts, to prevent such incidents in the future as part of our ongoing commitment to maintaining the security of the data we hold," the company added.
The police and other relevant organizations have been notified, the announcement concludes.
Other than this, Air Canada did not disclose further details, meaning there are quite a few unanswered questions. For example, we don’t know who the threat actors behind the incident were, or what they were actually after. We don’t know how they managed to infiltrate Air Canada’s systems, was this a successful phishing attack, or a zero-day vulnerability abused through malware. Finally, we don’t know if this was a ransomware attack, although, given the fact that the company’s systems remained operational throughout the incident, it’s unlikely.
We do know that this is not Air Canada’s first rodeo. In 2018, BleepingComputer reminds, profile information of 20,000 mobile app users was accessed, forcing the company to lock out 1.7 million mobile app accounts until the issue was resolved.
More from TechRadar Pro
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.