Canada’s Bombardier Customer Data Dumped on Dark Web
Canadian airplane manufacturer Bombardier has suffered a data breach. Customer and employee data stolen in the cyberattack was posted on a dark web forum.
The Clop ransomware gang is behind the security breach, although no ransomware was deployed in this attack.
“In accordance with established cybersecurity procedures and policies, Bombardier promptly initiated its response protocol upon detection of the data security incident. As part of its investigation, Bombardier sought the services of cybersecurity and forensic professionals who provided external confirmation that the company’s security controls were effective in limiting the scope and extent of the incident,” said Bombardier in its press release.
Bombardier Makes Learjets
Bombardier Inc. (TSX: BBD.B) is a Canadian airplane manufacturer based in Montreal. The company is well known for its family of Learjet, Challenger, and Global business jets. The company also provides regional jets to commercial airlines. Bombardier’s CRJ700/900/1000 regional jet family is one of the safest in the world.
Bombardier was not the sole target of the cyberattack. The data breach occurred when attackers exploited a vulnerability in a third-party file-transfer application.
The press release did not name the application, but Accellion FTA is likely.
Employee and Customer Data Exfiltrated
The Bombardier data breach compromised personal information belonging to employees, customers, and suppliers, including 130 employees located in Costa Rica. Stolen data was posted on the “CL0P^_- LEAKS” .onion website. The company did not specify the details of the records.
The company has contacted those impacted by the data breach.
On February 22, security researchers at FireEye released their findings on attacks exploiting the Accellion File Transfer Appliance (FTA).
“The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations that had been impacted by UNC2546 in the prior month began receiving extortion emails from actors threatening to publish stolen data on the ‘CL0P^_- LEAKS’ .onion website,” says FireEye in a post on its website.
Organizations in the United States, Singapore, Canada, and the Netherlands have all been attacked.
In a February 22, 2021 press release, Accellion said that 300 of its customers were still using FTA servers. Of those customers, 100 were attacked, and 25 of them had data exfiltrated by hackers.
Although Accellion has patched the FTA app vulnerabilities, the company strongly recommends that FTA customers migrate to its enterprise content firewall platform, kiteworks.
Bombardier says the company is working with third-party cyber security forensics experts. The incident has been reported to law enforcement.