Air Canada says hackers accessed limited employee records during cyberattack

Canada’s largest airline announced a data breach this week that involved the information of employees, but said its operations and customer data was not impacted.

Air Canada, one of the world’s oldest airlines running more than 1,300 flights a day, released a statement on Wednesday explaining a recent data breach.

The company did not respond to requests for comment about when the attack occurred and whether it was a byproduct of a ransomware attack.

“An unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records. We can confirm that our flight operations systems and customer facing systems were not affected,” the company said.

“No customer information was accessed. We have contacted parties whose information has been involved as appropriate, as well as the relevant authorities. We can also confirm all our systems are fully operational.”

The company added that it worked with cybersecurity experts to further lockdown its systems following the incident.

The announcement came on the same day that a cyberattack suspected to be carried out by a pro-Russia hacking group reportedly resulted in widespread service disruptions at several Canadian airports.

The Canada Border Services Agency (CBSA) confirmed to Recorded Future News that the connectivity issues that affected check-in kiosks and electronic gates at airports last week are the result of a distributed denial of service (DDoS) attack.

No group has taken credit for the attack on Air Canada but the country’s businesses have faced relentless attacks from Russia-based actors since Canada’s government announced its support for Ukraine last year.

Data breaches and cyberattacks have become a common affliction for airports over the last decade, with several incidents affecting Scandinavian Airlines, India’s SpiceJet, Air India and Bangkok Air. Several aviation companies like Jeppesen and Accelya have also faced attack.

Last week, European aerospace giant Airbus said it is investigating a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web.

A July report from IBM said the transportation industry had one of the highest breach cost-per-breach figures of any they tracked – with the average breach costing companies in the industry $4.18 million in 2023.