Air Canada admits hack of employee data

Share post:

Canada’s national airline has admitted suffering what is says was a “brief” breach of security controls, although the statement from Air Canada doesn’t say when the incident happened or how much personal information the attacker accessed.

“An unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records,” the airline said Wednesday.

“We can confirm that our flight operations systems and customer-facing systems were not affected. No customer information was accessed. We have contacted parties whose information has been involved as appropriate, as well as the relevant authorities.

“We can also confirm all our systems are fully operational. We have since implemented further enhancements to our security measures, including with the help of leading global cyber security experts, to prevent such incidents in the future as part of our ongoing commitment to maintaining the security of the data we hold.”

It isn’t known if the airline was targeted, the threat actor took advantage of a known application vulnerability or leveraged a stolen credential.

One good sign the short statement from the airlines suggests is that it was able to identify that there had been a breach of security controls and was quick to eject the intruder., which tracks cyber attacks, noted in February that the air transport industry is increasingly targeted by cyber attackers. These include denial of service attacks on the websites of airports of Western countries believed to have been committed by pro-Russian groups after the Russian invasion of Ukraine. For example last year 10 U.S. airports were hit by DDoS attacks on October 10th. 

One Canadian airline hit last year was charter operator Sunwing, following a cyberattack on the airlines’ check-in service supplier, Airline Choice. Air cargo supplier Swissport was hit by a ransomware attack, as was a Montreal military contractor that makes cockpit systems integration, avionics, display solutions, and high-performance microelectronics for military and commercial aircraft. 

David Shipley, CEO of New Brunswick’s Beauceron Security and a regular guest commentator on ITWC’s Cyber Security Today podcast, hoped Air Canada can share more about this hack soon. “There could be lots of valuable lessons for other organizations and I’d love to see us move away from victims feeling like they can’t be more open about incidents for fear of being blamed,” he said in an email.

“Based on the statement, it looks like they had a decent response plan and good containment of the incident. Any organization can get hacked, period. It’s how we respond and how we can help each other learn collectively that’s most important.”

The post Air Canada admits hack of employee data first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

What is Ticketmaster saying to its customers?

Here's the letter that has been sent out out to Ticketmaster clients that a reader sent to me....

Cyber Security Today, July 8, 2024 – New ransomware group discovered, and summer podcast break starts

A new ransomware group is discovered. Welcome to Cyber Security Today. It's Monday July 8th, 2024. I'm Howard Solomon,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways