Bombardier, a Canadian airplane maker, has officially disclosed a data breach after some of the stolen data was listed on the Clop ransomware leak site. Though Bombardier didn't specifically mention it, the company is believed to have been affected through a zero-day bug in Accellion's FTP software, which has affected several companies to date.
Bombardier Data Breach
Bombardier is a Canadian airplane maker with operations in over 12 countries and a fleet of nearly 4,900 aircraft. The company is the latest addition to the list of victims of the hack of Accellion's faulty software, which has affected tens of companies to date. The list includes SingTel, Fugro, Jones Day, and even the State Auditor office of Washington.
Bombardier joins the list, as it hinted today that it was affected through the same FTP software as the others above. In its statement, Bombardier said that an
“unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application.”
However, it didn't specifically name Accellion's FTP software.
The software was built into the company's network to share large files that could not otherwise be sent through ordinary email. Accellion has released a statement saying that over 100 of its 300 clients were affected by the zero-day bug in its software, with over 25 clients having their data stolen by hackers!
Bombardier was forced to make a public statement after some of its stolen data was leaked on the Clop ransomware leak site on the dark web. The leaked data reveals the designs of the company's airplanes and aircraft. While there's no sensitive data included in the leak, Bombardier is concerned that some of its IP data may have been stolen too.
On learning of the incident, Bombardier informed the relevant authorities and law enforcement and is now investigating it with cybersecurity and forensic professionals. Initial reports revealed that nearly 130 employees located in Costa Rica were impacted, and some data belonging to employees, customers, and suppliers was compromised.