Air Canada admits hack of employee data

Share post:

Canada’s national airline has admitted suffering what is says was a “brief” breach of security controls, although the statement from Air Canada doesn’t say when the incident happened or how much personal information the attacker accessed.

“An unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records,” the airline said Wednesday.

“We can confirm that our flight operations systems and customer-facing systems were not affected. No customer information was accessed. We have contacted parties whose information has been involved as appropriate, as well as the relevant authorities.

“We can also confirm all our systems are fully operational. We have since implemented further enhancements to our security measures, including with the help of leading global cyber security experts, to prevent such incidents in the future as part of our ongoing commitment to maintaining the security of the data we hold.”

It isn’t known if the airline was targeted, the threat actor took advantage of a known application vulnerability or leveraged a stolen credential.

One good sign the short statement from the airlines suggests is that it was able to identify that there had been a breach of security controls and was quick to eject the intruder., which tracks cyber attacks, noted in February that the air transport industry is increasingly targeted by cyber attackers. These include denial of service attacks on the websites of airports of Western countries believed to have been committed by pro-Russian groups after the Russian invasion of Ukraine. For example last year 10 U.S. airports were hit by DDoS attacks on October 10th. 

One Canadian airline hit last year was charter operator Sunwing, following a cyberattack on the airlines’ check-in service supplier, Airline Choice. Air cargo supplier Swissport was hit by a ransomware attack, as was a Montreal military contractor that makes cockpit systems integration, avionics, display solutions, and high-performance microelectronics for military and commercial aircraft. 

David Shipley, CEO of New Brunswick’s Beauceron Security and a regular guest commentator on ITWC’s Cyber Security Today podcast, hoped Air Canada can share more about this hack soon. “There could be lots of valuable lessons for other organizations and I’d love to see us move away from victims feeling like they can’t be more open about incidents for fear of being blamed,” he said in an email.

“Based on the statement, it looks like they had a decent response plan and good containment of the incident. Any organization can get hacked, period. It’s how we respond and how we can help each other learn collectively that’s most important.”

The post Air Canada admits hack of employee data first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

All Okta customer support users had their email addresses copied

Identity and access provider Okta now says the threat actor who accessed its customer help desk system last month got the names and email addresses of all contacts of organizations that use its support system. Originally, the company said that, after an investigation, it determined only one per cent of the contacts from its 18,000

Failure of technology to detect attacks is a prime cause of breaches: Survey

Despite the money being poured into cybersecurity by IT departments, the leading cause of breaches of security controls was the failure of technology to detect an attack, a new survey from Trellix suggests. Forty-two per cent of respondents to the international survey of infosec leaders whose organization had suffered a recent cyber attack said their

Canadian group gets $2.2 million to research AI threat detection for wireless networks

Ericsson Canada and three universities have been awarded funds by the National Cybersecurity

Cyber Security Today, Nov. 29, 2023 – More ransomware attacks on the healthcare sector

This episode reports on a company hit twice by a ransomware gang, the arrest in Ukraine of the alleged head of a ransomware gang

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways