Canadian firm Bombardier confirmed today it has suffered a major breach in its cybersecurity whereby the personal and other confidential data relating to employees, customers and suppliers was hacked.
The firm says an initial investigation found out an 'unauthorized party' had not only accessed but also extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network.
Upon discovery of the hack, Bombardier sought the services of cybersecurity and forensic professionals who provided external confirmation that the company’s security controls were effective in limiting the scope and extent of the incident. Bombardier also notified appropriate authorities, including law enforcement and will continue to work with the authorities as the investigation continues.
Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised. The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers.
Manufacturing and customer support operations have not been impacted or interrupted. Bombardier can also confirm the company was not specifically targeted—the vulnerability impacted multiple organizations using the application.
Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders.
Recommended for you...
