Saturday, October 16, 2021

Bombardier latest victim of Accellion FTA-related data theft

Business jet manufacture Bombardier says it has suffered a “limited cybersecurity breach” through Accellion’s FTA file transfer application.

“An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network,” the Feb. 23 statement from the Montreal-based company said.

Asked for clarification by ITWorldCanada.com, Anna Cristofaro, Bombardier’s manager of communications, confirmed Accellion FTA was the vulnerable application.

Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised. “Approximately 130 employees located in Costa Rica were impacted,” the Bombardier statement says. The unauthorized access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted.

“Bombardier can also confirm the company was not specifically targeted,” the company added. “The vulnerability impacted multiple organizations using the application.”

A recent trail

In recent weeks, a number of organizations including the auditor’s office of the state of Washington and the pharmacy departments of the U.S. Kroger supermarket chain, have confirmed they were victims of stolen data through Accellion FTA. According to an analysis this week by FireEye, a threat group leveraging vulnerabilities in FTA is using the dark web site of the Clop ransomware to post evidence to organizations they’ve been hit.

What prompted ITWorldCanada.com to call Bombardier for comment was that earlier this week, the Clop site posted what it says are a number of corporate documents, including flight test reports and parts schematics.

Asked to comment Cristofaro said Bombardier is still investigating and won’t go further than what it has already said.

UPDATE: Bombardier was briefly off and then back on the Clop ransomware site, with more corporate documents allegedly from the company available. These include an alleged 2017 purchase order from a company for an aircraft intercom system and a 2018 amendment to an agreement between Bombardier and a U.S. firm. As for comment on March 1st,  Anna Cristofaro, Bombardier’s manager of communications said she would not comment on “industrial secrets.” Any data compromised is limited to the data stored on certain servers where the file transfer application was installed, she said. “As to ransoms or any other questions relating to the attackers, we do not comment on matters of this nature or otherwise relating to criminal groups.”

Bombardier is a smaller corporation than it was several years ago when it was making trains, snowmobiles and business jets. After having to get out of the commercial aircraft business and selling the railway division, the company is left with manufacturing business jets. Earlier this month, Bombardier said it will stop making the small Learjet line and cut 1,600 jobs. That would bring its total global workforce to about 13,000 people.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News