Air Canada says hackers accessed limited employee records during cyberattack

Jason Macuray

Canada’s largest airline announced a data breach this week that involved the information of employees, but said its operations and customer data was not impacted.

Air Canada, one of the world’s oldest airlines running more than 1,300 flights a day, released a statement on Wednesday explaining a recent data breach.

The company did not respond to requests for comment about when the attack occurred and whether it was a byproduct of a ransomware attack.

“An unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records. We can confirm that our flight operations systems and customer facing systems were not affected,” the company said.

“No customer information was accessed. We have contacted parties whose information has been involved as appropriate, as well as the relevant authorities. We can also confirm all our systems are fully operational.”

The company added that it worked with cybersecurity experts to further lockdown its systems following the incident.

The announcement came on the same day that a cyberattack suspected to be carried out by a pro-Russia hacking group reportedly resulted in widespread service disruptions at several Canadian airports.

The Canada Border Services Agency (CBSA) confirmed to Recorded Future News that the connectivity issues that affected check-in kiosks and electronic gates at airports last week are the result of a distributed denial of service (DDoS) attack.

No group has taken credit for the attack on Air Canada but the country’s businesses have faced relentless attacks from Russia-based actors since Canada’s government announced its support for Ukraine last year.

Data breaches and cyberattacks have become a common affliction for airports over the last decade, with several incidents affecting Scandinavian Airlines, India’s SpiceJet, Air India and Bangkok Air. Several aviation companies like Jeppesen and Accelya have also faced attack.

Last week, European aerospace giant Airbus said it is investigating a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web.

A July report from IBM said the transportation industry had one of the highest breach cost-per-breach figures of any they tracked – with the average breach costing companies in the industry $4.18 million in 2023.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Cyber insurance claims spiked in first half of 2023 as ransomware attacks surged: report

Next Post

T-Mobile denies rumors of a breach affecting employee data

Related Posts

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky. "The malware payloads used in the DEEP#GOSU represent a
Read More