Bombardier’s supply chain attack, Accellion’s latest victim

By Laura V. Garcia
Canadian plane maker Bombardier adds itself to the growing list of Accellion’s FTA data breach victims...

It’s beginning to feel like groundhog day. Another day, another cyberattack, or so it feels. Although the breach was said to have affected ‘less than 50 customers,’ and within 72 hours Accellion had fixed the zero-day vulnerability, two weeks after disclosure, the impacts are still being felt.

Canadian plane maker Bombardier confirmed yesterday that it had suffered a “limited” security breach.

“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised,” the firm said in a statement. “Approximately 130 employees located in Costa Rica were impacted. Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised.

“The ongoing investigation indicates that the unauthorised access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted.

“Bombardier can also confirm the company was not specifically targeted – the vulnerability impacted multiple organisations using the application. Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders.”

“Accellion has patched all known FTA vulnerabilities exploited by the threat actors and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors,” confirmed Accellion in a press release.

Accellion said it had identified two distinct groups of affected FTA users. Out of 300 clients, less than 100 were attack victimes and fewer than 25 are known to have suffered any data loss. Reserve Bank of New Zealan, Singaporean telco Singtel and law firm Jones Day are among those to have had data stolen by the same group said to be responsible for the Accellion attack.

“The fallout from the Accellion-centered breach continues, purportedly this time with Bombardier. The takeaways should be pretty clear to people keeping score. Always keep software up-to-date or replace it with next-generation software that’s supported by the vendor,” said Trevor Morgan, product manager with data security specialists comforte AG in a statement.


Featured Articles

Hitachi Omika Works adopts Qlik for data analytics

James Fisher, Chief Strategy Officer at Qlik, discusses Hitachi’s use of Qlik analytics and revolutionising supply chain decision-making with AI

Fictiv’s Sustainability in Manufacturing report

Nate Evans, Fictiv Co-Founder, on results featured in Fictiv’s Sustainability in Manufacturing report, from renewable energy to carbon reduction strategies

Interview with Matthieu Rambaud, CEO of TRIGO Group

Matthieu Rambaud, CEO of TRIGO Group, is leading the manufacturing technology evolution across the company, while navigating AI & supply chain challenges

Applying the metaverse to the manufacturing industry

Digital Factory

Managing supply & demand in pharma manufacturing

Procurement & Supply Chain

Trend Micro on the future of cybersecurity in manufacturing