Air Canada has reported a “brief” hacking incident by an unauthorized group that compromised its internal system servers. Intruders accessed the personal information of a number of employees, the carrier said.
The company would not say which records were compromised, how many employee records were affected, when the incident took place, or when they learned of the cybersecurity breach.
Air Canada confirmed flight operations and customer-facing systems were unaffected. It added that customer data was not accessed by the hackers. Employees whose information was accessed have been notified, along with the relevant authorities, according to the statement.
Systems are now fully operational the company said, adding, “We have since implemented further enhancements to our security measures, including with the help of leading global cyber security experts, to prevent such incidents in the future as part of our ongoing commitment to maintaining the security of the data we hold.”
It is not known if the airline was specifically targeted, if the hackers used a known application flaw, or if they used stolen credentials to access the system.
KonBriefing.com, an independent research organization that tracks cyberattacks, said in February that the air transportation sector is being increasingly targeted by hackers, including distributed denial of service (DDoS) attacks. Such an attack is a malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic from multiple sources.
Air Canada said it would have no further comment on the incident.