Bombardier, a Canadian airplane maker, has officially disclosed a data breach incident after some of the stolen data was listed on Clop ransomware’s leak site. Though Bombardier didn’t specifically mention it, it’s touted to have been affected by the bugged Accellion’s FTP software, which was a zero-day bug that affected several companies to date.
Bombardier Data Breach
Bombardier is a Canadian airplane maker having operations in over 12 countries and a fleet of nearly 4,900 aircraft. The company is the latest one being added to the victim’s list of Accellion’s faulty software hack, which had affected tens of companies to date. The list includes SingTel, Fugro, Jones Day, and even the State Auditor office of Washington.
Bombardier joins the list as it today hinted to have been affected by the same FTP software as others above. In its statement, Bombardier said that an
“unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application.”
However, it didn’t specifically mention that to be Accellion’s FTP software.
It was built into the company’s network for serving the purpose of sharing large files, which would otherwise not be shared through general emails. Accellion has released a statement saying that over 100 of its 300 clients were affected by its zero-day bugged software, with over 25 clients having their data stolen by hackers!
Now, Bombardier was forced to make a public statement after some of its stolen data was leaked on Clop ransomware’s leak site on the dark web. The leaked data reveals the designs of the company’s airplanes and aircraft. While there’s no sensitive data included in the leak, Bombardier is keen that some of its IP data may have been stolen too.
Realizing the incident, Bombardier has informed the relevant authorities and law enforcement and is now investigating the incident with cybersecurity and forensic professionals. Initial reports revealed that nearly 130 employees located in Costa Rica were impacted, and some data belonging to the employees, customers, and suppliers were compromised.