Bombardier’s supply chain attack, Accellion’s latest victim

By Laura V. Garcia
Canadian plane maker Bombardier adds itself to the growing list of Accellion’s FTA data breach victims...

It’s beginning to feel like groundhog day. Another day, another cyberattack, or so it feels. Although the breach was said to have affected ‘less than 50 customers,’ and within 72 hours Accellion had fixed the zero-day vulnerability, two weeks after disclosure, the impacts are still being felt.

Canadian plane maker Bombardier confirmed yesterday that it had suffered a “limited” security breach.

“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised,” the firm said in a statement. “Approximately 130 employees located in Costa Rica were impacted. Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised.

“The ongoing investigation indicates that the unauthorised access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted.

“Bombardier can also confirm the company was not specifically targeted – the vulnerability impacted multiple organisations using the application. Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders.”

“Accellion has patched all known FTA vulnerabilities exploited by the threat actors and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors,” confirmed Accellion in a press release.

Accellion said it had identified two distinct groups of affected FTA users. Out of 300 clients, less than 100 were attack victimes and fewer than 25 are known to have suffered any data loss. Reserve Bank of New Zealan, Singaporean telco Singtel and law firm Jones Day are among those to have had data stolen by the same group said to be responsible for the Accellion attack.

“The fallout from the Accellion-centered breach continues, purportedly this time with Bombardier. The takeaways should be pretty clear to people keeping score. Always keep software up-to-date or replace it with next-generation software that’s supported by the vendor,” said Trevor Morgan, product manager with data security specialists comforte AG in a statement.


Featured Articles

Brooke Weddle: Manufacturing Needs A Rebrand

Brooke Weddle, senior partner at Mckinsey, sat down with Manufacturing Digital to discuss methods to address manufacturing's global hiring crisis

Immensa and Intaj Suhar partner to boost Omani manufacturing

MENA’s leading digital manufacturer Immensa has partnered with Intaj Suhar to enhance Oman’s localised manufacturing through digital inventory solutions

Bain & Company Report: OEMs and Digital Transformation

Bain & Company report urges original equipment manufacturers to embrace digital solutions and shift to a customer-focused mindset to stay competitive

The Factory of the Future: Manufacturers' Biggest Challenges

Smart Manufacturing

Dassault Systèmes Bring AR Manufacturing Showcase to London

Smart Manufacturing

Join Belden for a Free Webinar on Connected Plant Floor Data

Production & Operations