Bombardier, a Canadian airplane maker, has officially disclosed a data breach incident after some of the stolen data was listed on Clop ransomwareโ€™s leak site. Though Bombardier didnโ€™t specifically mention it, itโ€™s touted to have been affected by the bugged Accellionโ€™s FTP software, which was a zero-day bug that affected several companies to date.

Bombardier Data Breach

Bombardier Disclosed Data BreachBombardier is a Canadian airplane maker having operations in over 12 countries and a fleet of nearly 4,900 aircraft. The company is the latest one being added to the victimโ€™s list of Accellionโ€™s faulty software hack, which had affected tens of companies to date. The list includes SingTel, Fugro, Jones Day, and even the State Auditor office of Washington.

Bombardier joins the list as it today hinted to have been affected by the same FTP software as others above. In its statement, Bombardier said that an

โ€œunauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application.โ€

However,ย it didnโ€™t specifically mention that to be Accellionโ€™s FTP software.

It was built into the companyโ€™s network for serving the purpose of sharing large files, which would otherwise not be shared through general emails. Accellion has released a statement saying that over 100 of its 300 clients were affected by its zero-day bugged software, with over 25 clients having their data stolen by hackers!

Now, Bombardier was forced to make a public statement after some of its stolen data was leaked on Clop ransomwareโ€™s leak site on the dark web. The leaked data reveals the designs of the companyโ€™s airplanes and aircraft. While thereโ€™s no sensitive data included in the leak, Bombardier is keen that some of its IP data may have been stolen too.

Realizing the incident, Bombardier has informed the relevant authorities and law enforcement and is now investigating the incident with cybersecurity and forensic professionals. Initial reports revealed that nearly 130 employees located in Costa Rica were impacted, and some data belonging to the employees, customers, and suppliers were compromised.

LEAVE A REPLY

Please enter your comment!
Please enter your name here