Canadian airplane manufacturer, Bombardier has announced that it recently suffered a limited cybersecurity breach. An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network.
In accordance with established cybersecurity procedures and policies, Bombardier promptly initiated its response protocol upon detection of the data security incident.
As part of its investigation, Bombardier sought the services of cybersecurity and forensic professionals who provided external confirmation that the company’s security controls were effective in limiting the scope and extent of the incident.
Sam Curry, Chief Security Officer at Cybereason, said: “The silver lining for Bombardier is that they can use the opportunity from this latest breach to invest more time in checking all entry points to systems and their global network, and hopefully root out any other suspicious activity. While small in nature, the alarms should be blaring for all companies because Bombardier has admitted that designs for airplanes and plane parts are now available for free on the dark web.”
Bombardier also notified appropriate authorities, including law enforcement, where required and will continue to work with the authorities as the investigation continues.Click below to share this article