Airbus suffers security breach with personal information stolen

International aerospace juggernaut Airbus that it suffered a security breach which affected its commercial aircraft business.

The breach "resulted in unauthorised access of data", according to Airbus, which included some personal information that was mostly [contained to] professional contact and IT identification details of some Airbus employees in Europe.

"No customer data was subject to unauthorised access," said an Airbus spokesperson.

It's unclear whether the attack was targeted at specific data or whether it was an opportunistic attack, but the manufacturer of the popular A380 aircraft said the "incident is being thoroughly investigated by Airbus" experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins.

Boeing reportedly hit by WannaCry attacks British Airways says 185,000 more customers affected by second hack attack General Data Protection Regulation (GDPR)

Due to data belonging to EU citizens was at risk, the GDPR requires companies that suffer data breaches to notify relevant authorities as soon as practicable, something that Airbus has done already. "Employees are being advised to take all necessary precautions going forward," said Airbus.

"Airbus continuously monitors activities on its systems, has detection mechanisms in place and constantly shares information with partners and the cybersecurity community, said an Airbus spokesperson. "The incident was detected on 6th January 2019. All of the relevant authorities were informed, including the lead data protection authority for Airbus, the CNIL in France."

"The unauthorized access to employee data and IT identification points to possible identity theft either to impersonate Airbus employees or to abuse employees credentials to gain further access to sensitive systems, which are now common hacking techniques used by cybercriminals and nation-state actors, said Joseph Carson, chief security scientist at Thyotic".

Airbus becomes the third firm in the space of a year in their line industry to suffer from a cyber attack.

March 2018 saw Boeing fall victim to the WannaCry ransomware which impacted its production operations.

And how could we forget the double whammy of British Airways attacks in 2018, the first of which was only uncovered through an investigation of the attack it sustained in September.

The attacks combined to expose and facilitate the theft of hundreds of thousands of customer financial and personal details.

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.