Airbus Staff Caught in Data Breach

Airbus has revealed it has been the subject of a cyber-attack affecting its commercial aircraft business, which has compromised employee information.

The aerospace giant revealed in a brief statement that it had notified the relevant authorities, mindful of the need to contact GDPR regulators within 72-hours of discovering a breach.

However, there’s not much else to go on.

It claimed that a cyber-incident on the IT systems of its commercial aircraft business resulted in unauthorized access to data.

“This incident is being thoroughly investigated by Airbus’ experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins,” it continued.

“Investigations are ongoing to understand if any specific data was targeted, however we do know some personal data was accessed. This is mostly professional contact and IT identification details of some Airbus employees in Europe.”

Airbus staffers, of whom there are roughly 130,000 worldwide, have been told to “take all necessary precautions going forward.” However, there’s no word yet on whether the incident was more serious in scope.

Alongside US firm Boeing, the European giant is the world’s leading manufacturer of commercial aircraft for carriers, delivering a record 800 planes to 93 customers in 2018.

That could make its IP of great value to hackers, according to Max Vetter, chief cyber officer at Immersive Labs.

“A huge amount of capital is poured into R&D in such organizations, a cost which malicious actors can circumvent by trying to steal the resulting data,” he argued.

“It is known that some nation states have been using this kind of espionage to speed up the production of technology for years. For this reason, it is crucial that technical countermeasures and cyber-skills are continually refined to keep pace with attackers."

Airbus claimed, however, that the attack had made “no impact” on its commercial operations.

Back in 2015, Airbus was forced to issue an Alert Operator Transmission (AOT) to all operators of a new A400M cargo plane to check the software in their engines, after a fatal crash on a test flight in Spain.

What’s Hot on Infosecurity Magazine?