Bombardier’s supply chain attack, Accellion’s latest victim

By Laura V. Garcia
Canadian plane maker Bombardier adds itself to the growing list of Accellion’s FTA data breach victims...

It’s beginning to feel like Groundhog Day: another day, another cyberattack. Although the breach was said to have affected ‘less than 50 customers,’ and Accellion fixed the zero-day vulnerability within 72 hours, the impacts are still being felt two weeks after disclosure.

Canadian plane maker Bombardier confirmed yesterday that it had suffered a “limited” security breach.

“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised,” the firm said in a statement. “Approximately 130 employees located in Costa Rica were impacted. Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised.

“The ongoing investigation indicates that the unauthorised access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted.

“Bombardier can also confirm the company was not specifically targeted – the vulnerability impacted multiple organisations using the application. Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders.”

“Accellion has patched all known FTA vulnerabilities exploited by the threat actors and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors,” confirmed Accellion in a press release.

Accellion said it had identified two distinct groups of affected FTA users. Out of 300 clients, fewer than 100 were attack victims and fewer than 25 are known to have suffered any data loss. The Reserve Bank of New Zealand, Singaporean telco Singtel and law firm Jones Day are among those to have had data stolen by the same group said to be responsible for the Accellion attack.

“The fallout from the Accellion-centered breach continues, purportedly this time with Bombardier. The takeaways should be pretty clear to people keeping score. Always keep software up-to-date or replace it with next-generation software that’s supported by the vendor,” said Trevor Morgan, product manager with data security specialists comforte AG in a statement.
