Air Canada reports data breach, employee data affected

It’s still unknown who stole the Air Canada data

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Air Canada has suffered a cyberattack in which some employeeinformationwas accessed.

The news was confirmed by the airline itself, via a press release published on the company’s website, where a statement revealed, “an unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records.”

The airline’s operations continued as usual, as both internal and external systems were not affected by the incident, the company confirmed. Customer information was also not tampered with.

Missing details

“We have since implemented further enhancements to our security measures, including with the help of leading global cyber security experts, to prevent such incidents in the future as part of our ongoing commitment to maintaining the security of the data we hold,” the company added.

The police and other relevant organizations have been notified, the announcement concludes.

Other than this, Air Canada did not disclose further details, meaning there are quite a few unanswered questions. For example, we don’t know who the threat actors behind the incident were, or what they were actually after. We don’t know how they managed to infiltrate Air Canada’s systems, was this a successful phishing attack, or a zero-day vulnerability abused through malware. Finally, we don’t know if this was a ransomware attack, although, given the fact that the company’s systems remained operational throughout the incident, it’s unlikely.

We do know that this is not Air Canada’s first rodeo. In 2018, BleepingComputer reminds, profile information of 20,000 mobile app users was accessed, forcing the company to lock out 1.7 million mobile app accounts until the issue was resolved.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

This can’t get any better for Black Friday – LG’s B4 OLED TV drops to just $649.99