Aircraft manufacturer Airbus is investigating a security breach that has seen hackers steal personal information from its systems.
In a statement published on its website, Airbus admitted that systems used by its commercial aircraft business had been accessed by an unauthorised party, and personal data related to European employees had been stolen.
According to the manufacturer of the A380, no customer data was accessed by the hackers, and production has not been affected.
What isn’t at all clear at the moment is whether Airbus was specifically targeted, or whether the breach was more the work of an opportunistic hacker.
However, the fact that information about employees was accessed is definitely a cause of concern. Malicious hackers and fraudsters might seek to weaponise such information by targeting particular individuals or assembling convincing emails that target individuals that pretend to come from colleagues.
Airbus says that it is continuing to investigate whether any specific data was targeted.
Airbus’s statement makes no mention of precisely what types of data were accessed by the intruders, but if – for instance – password credentials were included in the haul then that would be of serious concern.
If that were the case, not only might the accounts of Airbus workers be potentially at threat of compromise by the intruders, but there would also be the risk that workers had reused the same passwords at different places online – opening opportunities for other breaches.
It is a sad truth that many people make the mistake of using work credentials for non-work-related services. If you feel it’s something you might be guilty of, take the sensible step of investing in a decent password manager.
Not only will it help store your passwords securely, but it will also reduce the likelihood of you making poor password choices by offering you an easy way to generate a complex, unique password for every online service you require.
Airbus says it is strengthening its existing cybersecurity measures, and taking action to mitigate the incident’s potential impact.
The company says that it has notified affected employees and data protection authorities about the incident, something it is required to do within 72 hours of becoming aware of a data breach under European GDPR regulations.
Other members of the airline industry who have found themselves having to admit in the last year that they have have suffered at the hands of cybercriminals include Boeing, Cathay Pacific and British Airways.